{"report_id":"ebc5eed7-a972-499f-80b2-dc6d28c45715","version":6,"status":"done","tags":["suspicious"],"date":"2026-03-04T13:25:42Z","url":{"schema":"http","addr":"pump-funds.fun","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"172.67.158.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"pump-funds.fun/","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"title":"Pump.fun Cashback | Get 70% Back on Rug Pull Losses","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"pump-funds.fun","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"172.67.158.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-08T13:25:42Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":9,"urlquery":2,"analyzer":10}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:25:18Z","timestamp":1772630718,"ip_dst":{"addr":"104.16.248.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":57398,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)","source":"{\"timestamp\":\"2026-03-04T13:25:18.970278+0000\",\"flow_id\":1561290182919707,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.29\",\"src_port\":57398,\"dest_ip\":\"104.16.248.249\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027695,\"rev\":5,\"signature\":\"ET INFO Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_07_09\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2024_04_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"DoH\"],\"updated_at\":[\"2023_10_05\"]}},\"tls\":{\"sni\":\"cloudflare-dns.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3274,\"start\":\"2026-03-04T13:25:18.951835+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:25:22Z","timestamp":1772630722,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36956,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-04T13:25:22.190346+0000\",\"flow_id\":2204820165544564,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.29\",\"src_port\":36956,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.29\",\"port\":36956},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-03-04T13:25:22.182900+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:25:22Z","timestamp":1772630722,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36966,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-04T13:25:22.194610+0000\",\"flow_id\":117090250054250,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.29\",\"src_port\":36966,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.29\",\"port\":36966},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-03-04T13:25:22.186986+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:25:22Z","timestamp":1772630722,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60130,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-04T13:25:22.202316+0000\",\"flow_id\":532035630459124,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.29\",\"src_port\":60130,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.29\",\"port\":60130},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2673,\"start\":\"2026-03-04T13:25:22.190708+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:25:22Z","timestamp":1772630722,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60136,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-04T13:25:22.206618+0000\",\"flow_id\":932811913754692,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.29\",\"src_port\":60136,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.29\",\"port\":60136},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2599,\"start\":\"2026-03-04T13:25:22.194628+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:25:22Z","timestamp":1772630722,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60148,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-04T13:25:22.208940+0000\",\"flow_id\":1813471335418454,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.29\",\"src_port\":60148,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.29\",\"port\":60148},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2674,\"start\":\"2026-03-04T13:25:22.199254+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:25:22Z","timestamp":1772630722,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60142,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-04T13:25:22.211828+0000\",\"flow_id\":97627605699061,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.29\",\"src_port\":60142,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.29\",\"port\":60142},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2673,\"start\":\"2026-03-04T13:25:22.199157+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:25:22Z","timestamp":1772630722,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60156,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-04T13:25:22.364034+0000\",\"flow_id\":764088418464038,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.29\",\"src_port\":60156,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.29\",\"port\":60156},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2672,\"start\":\"2026-03-04T13:25:22.356646+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:25:22Z","timestamp":1772630722,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60168,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-04T13:25:22.388861+0000\",\"flow_id\":2243547885653260,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.29\",\"src_port\":60168,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.29\",\"port\":60168},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2673,\"start\":\"2026-03-04T13:25:22.380172+0000\"}}"}],"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-04","alert":"Hunting_JS_WebAssembly","trigger":"laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cloudflare-dns.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-08-23","domain_rank":0,"first_seen":"2026-02-25T03:05:04.781981Z","last_seen":"2026-03-04T13:08:02.812325Z","alert_count":8,"request_count":8,"received_data":3307850,"sent_data":3816,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pump-funds.fun","ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-03","domain_rank":0,"first_seen":"2026-03-04T13:25:45.30624Z","last_seen":"2026-03-04T13:25:45.306241Z","alert_count":1,"request_count":14,"received_data":221821,"sent_data":5909,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cloudflare-dns.com","ip":{"addr":"104.16.248.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-03-28","domain_rank":112,"first_seen":"2015-04-09T01:00:28Z","last_seen":"2026-03-02T13:24:08.785249Z","alert_count":1,"request_count":1,"received_data":513,"sent_data":473,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"laxf2z.vercel.app","ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2020-01-28","domain_rank":0,"first_seen":"2026-03-04T13:08:02.168446Z","last_seen":"2026-03-04T13:08:02.168446Z","alert_count":0,"request_count":4,"received_data":2855983,"sent_data":2157,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-03-01T22:15:00.771016Z","alert_count":0,"request_count":5,"received_data":246835,"sent_data":2770,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-01T22:18:12.522658Z","alert_count":0,"request_count":1,"received_data":13321,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"pump-funds.fun/noir.js","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9d1232275094330dab56b95f76c10f9e","sha1":"6ae0c0fb3cab11f0672212d11a2a68f71cf86be0","sha256":"28c11cb9ee9a00ceb7b52381f6d586fd9c58b52bd04db92a4885880eb3edb538","sha512":"f265da61058d0589d8282c685dfcaa76ab205a89aa1d04dec4731db0b2ca1552076d1e21df90f5884b63c04a3291f4d32dd5a6e409a7e7c670c0802acc4689b0","ssdeep":"768:z7p4/AGg274TclQv4BEnFJkkdNnZfKmO0hQlYhpMreFjZqVoIw/4:z7p4YGg2ETcev4BEnbkMKrCaYhpmeFNg","tlshash":"61d23ba7ce8f3d65df741e0823df18c9092d1b8fa8e1488d550aabc8c24e67715cc5e9","size":30223,"data":"","first_seen":"2026-03-02T13:24:13.097112Z","last_seen":"2026-03-04T14:00:15.997203Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/js/support-modal.js","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bbd0d55de929b6da87749509c9226f95","sha1":"39b7411cced962fa7ad4432ffbacefdec087d011","sha256":"322d44f191f8dbf416f43e4d1c3c5e8e2d1f8212acceca78f031463732847067","sha512":"eaba099111a0039761e4808f2c7d66f69a206d1a2122ee8fd4bc0e7f14f4be6828be26fca1c465d9678048d85cf515c609b6176a01c3fc5747a9280a71f72457","ssdeep":"96:mMj8hbkY0x1DITLcj7oY8MOOz7XfYJHoGqCJXuPCOJWfBlH3:8hbkY0xl2LoUaXQJ+CJXuqOJWH","tlshash":"7ec1f2b45abb3021845f606b7bdf1a673e3480875c49f511bd3c83914fe58aec863b54","size":6110,"data":"","first_seen":"2026-03-02T13:47:47.997789Z","last_seen":"2026-03-30T22:24:38.2136Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/js/chat-support.js","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8f56cbba16abca703b3cc18e50a43abd","sha1":"48ad3e29b0d7f0da67d910a1dcba69aeab09ab85","sha256":"c91fc3552cc5ffabcc9de078cd060d2f9503fbd8cae93bea3ee7e0df2e4cc3eb","sha512":"e68d1bedd680727ef3fc3d171a864b13d0ebd086e1f8ebf3f2a3679395a97aa1f15c2fee90f3d598e272a09db811e9b049755a59b5096af707d72a8f56faa471","ssdeep":"768:vy302aY4tXXf/Sr40C+AePT5BEkHqkII7w5asTeFacn+wci27B3a9QcMPU5dhLjS:vyknXXf/Sr40C+AePT5BEkKkII7w5ast","tlshash":"83c2956d20e2103909b3a13fab6b212bff73405b224785207d5e47512f70f94a6b7fa9","size":27708,"data":"","first_seen":"2026-03-02T13:47:48.014504Z","last_seen":"2026-03-30T22:24:38.208078Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","fqdn":"laxf2z.vercel.app","domain":"laxf2z.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3f9305bfe231b46f46f6aa4f9601f2a2","sha1":"8d69cdd50045daa452152815e21bc2affd617503","sha256":"8bd4b9b1946d5eeeb34ec58e7a74084486a14275555be285f9f000a66be65dad","sha512":"09b1ca85d25a7310e780af028459e9a82c4f0e7724e51d2df745acbe0becfd442c2fd31a336fc36f8d3467a29d265db1c4cbbfef732ecdf67b0d980e0890901a","ssdeep":"","tlshash":"cd21d01be5a36471f866306e67cbf60531375847810eda047e0c9d017fa5116873e6da","size":1378,"data":"","first_seen":"2026-02-25T03:05:09.99146Z","last_seen":"2026-03-05T13:47:43.068318Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","fqdn":"laxf2z.vercel.app","domain":"laxf2z.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"7573ebd1f43d4afd768575f676f768a7","sha1":"691138df98eaaf350a886bdc60c9ec7b654a3246","sha256":"549df9e62c37e19c960536498929e1beea1996fc6bb04f39c189a8b6436b042c","sha512":"1f756d880c2f33c2175361646e4ba376ca64ea888403a14d123ea01da20fcc3bad3b001402149fdc3d7180734791f895fe8d96dd1d250687ea210f342ab3ef74","ssdeep":"","tlshash":"a8c01216604611b5262856088b3225547c65225b396259c2aabdc2572f1068381b46dd","size":191,"data":"","first_seen":"2026-03-04T13:25:49.754032Z","last_seen":"2026-03-04T13:25:49.754032Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","fqdn":"laxf2z.vercel.app","domain":"laxf2z.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee81a551e614c9f73464467c5f54d8c4","sha1":"820a35a7c602f41f3686da09541a7ab8c64525df","sha256":"5fa081894fc52d7fd15d78a5f06c4f81fccdad9dae7a7e305154d33a17844d49","sha512":"4742a730b4d6452bfc27daa6c82218b81f85313b05d40951edcaa9711e05eb157d3269ed7aa166de91bd1b07248b8f2388b09fd818f99e7374a0b047c3f181ca","ssdeep":"49152:S4+xtaUFAYp8Su3ilTYDMsvpXrdVCiG/NdUgmS9UT9bCWCawOJGSH17129hBpWLi:MxuitgJCWCawOJG","tlshash":"bad57ca073b1707907e792d454a71100f334a44a700984bcfbac95e7af9aaca957ff78","size":2847366,"data":"","first_seen":"2026-03-04T13:08:07.267518Z","last_seen":"2026-03-04T13:25:49.757009Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-04","alert":"Hunting_JS_WebAssembly","trigger":"laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/js/script.js","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"660a62eebc4c6cf6fed68ad4b85f3b10","sha1":"a3f8d5d53115ddde637292ffb3c6a9204bc52e66","sha256":"ab5d39d2222926cb3a35cef1cf1676b49552102440bd773da930d99faa086392","sha512":"a904c9cb52206a1d14065f55e5764d62196e6ccdf879077a96d6eb868dc9c2b4d80fd56667836ca94e21dcc86a3ed8d943ae1513ce69c891fd5c74849daee394","ssdeep":"192:yw5kX+sObyHw1HBFUmyAjt4hRYIkbw2uCymH2fqMo2GtrVr1TY+s1BUC3kFwxka8:yILsObybQ2No9TozT3avcZc","tlshash":"2672636da5b1003586b3727a1b9fa248fa3340633505ce043e1d8b446ff2b559ab3fd9","size":17254,"data":"","first_seen":"2026-03-02T13:47:47.981894Z","last_seen":"2026-03-30T22:24:38.198912Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"8be36d953aec39e9a895ec3b71035060","sha1":"e07fc383872e5847ffdb36e51d33b9cb6a4fb8a4","sha256":"35a1b36186f155bae07b15dab00b537e1231b2a26a21e14d8d3f3bdb00ca9270","sha512":"03e61e7868053fc45f93bd8ee36707f4015c79e6065cb163f8b8a7a54caa397de76e15df2d9d7891415feb0963f8a83669d14692b5e9cb301912a18b661c4e91","ssdeep":"192:EQ11Gh/u1UrpriQeXQIdCpqO4D4ogfoiY+0dhNPnsEsC32pf7kuqGZvkpSFVBbNV:X/UqDCpJwskwkEZxtN+NH6R+4n","tlshash":"faa2f98ebfa3113666a3712f2bafa15d717650031009cd24bdbd93006f90a75127afed","size":22587,"data":"","first_seen":"2026-03-02T13:24:13.10817Z","last_seen":"2026-03-04T14:00:16.003097Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:25:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:06:40 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d7134deeadc23eb-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":310891,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"33dac4910ae2d87ea48110d0124a8fce","sha1":"672b52499742746080bfee22e32a2c48fd916f2f","sha256":"d2faf22814557ba3e33c2a41a8e3fbf4fff057a54cff8f8834dee238964282a9","sha512":"ab708ce66f3cc241ae82653107d38b9b7ab42113d94bcb2a81b862f7e280a5686b994bc4ad8093973e993c4f4f96827e87c8474374df07372bde4ee29b7dbd15","ssdeep":"6144:bfw++FELEn9n81uoNI/ssN2OlwXVAQ0Glh/tNEkF/G7PYiyeM89tvXXTRCU:bw+YEyoNI/qVAQPiktG7xzVnTR/","tlshash":"436423e9f03d1b078ea9202822092be12ee3517d5dbd7c3353449d6d5b8787e6dc898e","first_seen":"2026-03-04T13:25:49.701905Z","last_seen":"2026-03-04T13:25:49.701905Z","times_seen":1,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":161,"dns":0,"connect":2,"send":0,"wait":132,"receive":6,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/api/site-presence?event=heartbeat","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:34.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"POST /api/site-presence?event=heartbeat HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 116\r\nOrigin: https://pump-funds.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":116,"data":"{\"status\":\"online\",\"event\":\"heartbeat\",\"source\":\"main-script-heartbeat\",\"page\":\"/\",\"visitorId\":\"v_523623ea69a908eb\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:34 GMT\r\ncontent-type: application/json; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oMcVZ2qBstNodWF3yRD8maiIpVM0auaK9jDL2g%2BTaXN9b5Toz1p3hh8TXdA5lLHSn15CO7E4CmnhF6DHyMMJCJVSAsOkR0yqxGYEL%2B%2BM\"}]}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncache-control: no-store, no-cache, must-revalidate, private\r\npragma: no-cache\r\nexpires: 0\r\netag: W/\"60-zgWueyNKeGhIVHNBjq/8mwW9DFU\"\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d713528987a95bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":96,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6e14759f46f68bffd49f7a7fadc90b3f","sha1":"ce05ae7b234a7868485473418eaffc9b05bd0c55","sha256":"053dfc5a07e1a87427ecfa591eefcd3928ffd6eb42ec6b8091d42a856486f2a4","sha512":"7f4ae17686a8704db78d3ff1f25338d2f3d7da20887d75fc3428b1dd400811ea379e743c50d6b7e360f87af0144230ec6aab389161d650ddb2981f940d4bc893","ssdeep":"","tlshash":"d5b01244546810315088128210140e102edc58f3e2f31c95d14e85403943289a1b7803","first_seen":"2026-03-04T13:25:49.706003Z","last_seen":"2026-03-04T13:25:49.706003Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/css/support-modal.css","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /css/support-modal.css HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ja960O6pvlCrRUqf6cze8E%2Ff34cq8HVjv0fVqu3D9pRXeAjTX%2F%2BOAPqszAvbMHyppMlPEyFls8aoJetTwStxy7OurSLFNqoDJFIvQek6\"}]}\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 02 Mar 2026 21:13:15 GMT\r\netag: W/\"ee5-19cb065eb1a\"\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134c7fb5795bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3813,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"c42c024da040a3adcf1cdf5b09b5edcc","sha1":"2045520c991be880700991557e84779e5c51ba6b","sha256":"14935616028c303a7cc053be63ca7f68d61e1f3dcca91577d2f80f14beff66b2","sha512":"744bfa79ef9c51ae2daa6ff75d01bcb213b34fd3abb09c5fd40437baa25a01cb619e81850cd7087d28a6db440f4309303d752816068094a9fd5c358f007dee42","ssdeep":"","tlshash":"5b7115819af71910fd1fd4663fe24e53a6289203c05ae82d7fe8328c4fa91d8d195f58","first_seen":"2026-03-02T13:47:47.979715Z","last_seen":"2026-03-30T22:24:38.203818Z","times_seen":12,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/noir.js","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /noir.js HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=03%2BuF9qWLZFOYre0fNERSvbXZ1lKdKvBXYB1WzHsy6kyEIaclzxJQ1TGzxRUTrIzLpcPtljAeF4JjMPnO4OpNd3yIE228NpzzN38hFwj\"}]}\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 02 Mar 2026 17:57:07 GMT\r\netag: W/\"760f-19cafb25b2c\"\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134c80b5d95bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30223,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (30223), with no line terminators","md5":"9d1232275094330dab56b95f76c10f9e","sha1":"6ae0c0fb3cab11f0672212d11a2a68f71cf86be0","sha256":"28c11cb9ee9a00ceb7b52381f6d586fd9c58b52bd04db92a4885880eb3edb538","sha512":"f265da61058d0589d8282c685dfcaa76ab205a89aa1d04dec4731db0b2ca1552076d1e21df90f5884b63c04a3291f4d32dd5a6e409a7e7c670c0802acc4689b0","ssdeep":"768:z7p4/AGg274TclQv4BEnFJkkdNnZfKmO0hQlYhpMreFjZqVoIw/4:z7p4YGg2ETcev4BEnbkMKrCaYhpmeFNg","tlshash":"61d23ba7ce8f3d65df741e0823df18c9092d1b8fa8e1488d550aabc8c24e67715cc5e9","first_seen":"2026-03-02T13:24:13.097112Z","last_seen":"2026-03-04T14:00:15.997203Z","times_seen":12,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/api/site-presence?event=online","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"POST /api/site-presence?event=online HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 108\r\nOrigin: https://pump-funds.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":108,"data":"{\"status\":\"online\",\"event\":\"online\",\"source\":\"main-script-init\",\"page\":\"/\",\"visitorId\":\"v_523623ea69a908eb\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SoN4b%2B7TjkALWJTV3L3mit11N0gKRhwc3ODk84Bn8ZkMPyYToUp%2Ff3WFZ32zgahUfRQe1nSv2%2B%2FvMrniHPDqAkaKh3gD9c1l%2FRHPLlcM\"}]}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncache-control: no-store, no-cache, must-revalidate, private\r\npragma: no-cache\r\nexpires: 0\r\netag: W/\"5f-qetyC8wX+MtBLRhNecC2LMy82dw\"\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134c95ba895bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3f5d25591119cd8be0167de7b25931e3","sha1":"a9eb720bcc17f8cb412d184d79c0b62cccbcd9dc","sha256":"55978b081e4519510a9968ac98bd33137c03eb571f9b8c2297e3650c60e60cce","sha512":"fc19f275d22a35c383ba741238959e17729b9d9affbdc3f52c96909b548fd5e41d382ff0b5b1fdc0500f4e2d593ad5f516b5ab16ed0e5bbe283637be24d11688","ssdeep":"","tlshash":"73b012405468103190c8124220141f102dec54f3d2f31c91e14e8540391324aa1a7803","first_seen":"2026-03-04T13:25:49.71445Z","last_seen":"2026-03-04T13:25:49.71445Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3847,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3847,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cloudflare-dns.com/dns-query?name=_r.chrome-extension-da0e5-bc.com\u0026type=TXT","fqdn":"cloudflare-dns.com","domain":"cloudflare-dns.com","tld":"com"},"ip":{"addr":"104.16.248.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflare-dns.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"SSL.com SSL Intermediate CA ECC R2","organization":"SSL Corp"},"validity":{"start":"Wed, 31 Dec 2025 19:20:01 GMT","end":"Mon, 21 Dec 2026 19:20:01 GMT"},"fingerprint":{"sha1":"F8:86:35:01:72:60:D4:0B:9E:B4:17:BE:E7:37:37:91:1B:63:0E:59","sha256":"E3:B0:28:26:78:9D:65:3D:22:4D:3E:DA:CB:E4:E8:77:CB:72:86:FC:4C:92:26:72:F6:22:67:41:CA:57:AD:65"}}},"request":{"raw":"GET /dns-query?name=_r.chrome-extension-da0e5-bc.com\u0026type=TXT HTTP/1.1\r\nHost: cloudflare-dns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/dns-json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump-funds.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: application/dns-json\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\ncontent-length: 237\r\ncf-ray: 9d7134c9ae0f8a18-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":237,"size_decoded":0,"mime_type":"application/dns-json","magic":"JSON text data","md5":"e0fcb5543cec3c7bda9bb3c847c82671","sha1":"651247346a7514b007c65d2c23d6bbe5016d8e14","sha256":"572f511f1293045fc9ba05b3f94de20677b10c65bfdc289d21ca7fa55abfcbed","sha512":"6fabb1879d2e7c72a5d3c1c2101bc10f13292f6abe59f97b6ec52ac2fa071f1e8fe6fe8063df67776fc7cf47cd4d1dbd79d0e462738a9bf0bbea41371f76eaf9","ssdeep":"","tlshash":"d5d0a785908880ac740b6744c4d314479f7c22b273dcbeb99a482f54e2cb341904626b","first_seen":"2026-03-04T13:08:07.259665Z","last_seen":"2026-03-04T13:25:49.717551Z","times_seen":3,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":48,"dns":11,"connect":8,"send":0,"wait":15,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cloudflare-dns.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:25:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:18 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d7134dddeb74c11-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"eeebcd74061a9dcd7dfad338ebe1d46a","sha1":"23148fe8cd0cfe6b4379103d03dabde517e9bfd9","sha256":"631978ce1c77fdc8360949130dc08a761d8a5cbf0b87875b7b1556706cabc068","sha512":"e151fd7805ccbf649173ed454739604bbb31cbd0daa1dbf057454363c74532c9a5c2310e516f087f21ef09e5cd7de46e91d67e01815274b82573caae494eff45","ssdeep":"12288:/2TA4vVLmF/WbRkFOppRWsWNbGSQHJAUOUsLOsWZssG5bxVWhseThDII57tSKnXb:/2TAaRkFipRWRSlpAzUWOsWWvbLqhDVr","tlshash":"41f4233ac26c0681a9a500112e6526604c337cbc54feea3383eddf3adb5b92d6da5295","first_seen":"2026-02-25T03:05:09.955526Z","last_seen":"2026-03-07T02:01:37.494267Z","times_seen":63,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":29,"dns":1,"connect":1,"send":0,"wait":107,"receive":34,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/images/pump-logomark.svg","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /images/pump-logomark.svg HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FAKls93gTT9KdClSTUnZX1k1dl7WzJb%2FTmbptnTRbjinECPQ8dLZYtYKP11HhyNKuzGppESznJq%2FX9klr8JYX54aEbug3MMpTRTz1M6Z\"}]}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 27 Feb 2026 12:45:37 GMT\r\netag: W/\"a64-19c9f2215bc\"\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134c7fb5995bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e13e575d784e1c0623f9eec1240b21d","sha1":"b37951e967df5b53bd4446b1a3e48c1bd56d9a42","sha256":"8d3ae3eadbf555b9f5302c2c31429ff8420e90eb8eaee34b3fc0e7781566f1ba","sha512":"218ec60489e62cdd55510bb31f30c9b0b149aeec374501ed9b04d7003409a39df4883038765a7efd829af3e534a83c60ce58ea742bc79065ef0b28879c442279","ssdeep":"","tlshash":"7c5172ff6b444de5de86c2f8eb252ad7782a24d97121464193d43f2a740236c4d8ac93","first_seen":"2026-02-20T15:35:56.995338Z","last_seen":"2026-05-04T12:04:43.719425Z","times_seen":123,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/images/pump-logomark.svg","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:19.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /images/pump-logomark.svg HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:19 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kijpgX3qakMaJm2wkUaEpd1IW%2BLnzc%2Bk9EPigbaL8GIdAvjI%2B9u17dx2oDdJ2aP01XprafMiwHV%2FjCb%2BKVHKXDYz4IbNTH%2BTAw60015E\"}]}\r\npriority: u=6,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 27 Feb 2026 12:45:37 GMT\r\netag: W/\"a64-19c9f2215bc\"\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134cbbc6195bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e13e575d784e1c0623f9eec1240b21d","sha1":"b37951e967df5b53bd4446b1a3e48c1bd56d9a42","sha256":"8d3ae3eadbf555b9f5302c2c31429ff8420e90eb8eaee34b3fc0e7781566f1ba","sha512":"218ec60489e62cdd55510bb31f30c9b0b149aeec374501ed9b04d7003409a39df4883038765a7efd829af3e534a83c60ce58ea742bc79065ef0b28879c442279","ssdeep":"","tlshash":"7c5172ff6b444de5de86c2f8eb252ad7782a24d97121464193d43f2a740236c4d8ac93","first_seen":"2026-02-20T15:35:56.995338Z","last_seen":"2026-05-04T12:04:43.719425Z","times_seen":123,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:25:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:15 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d7134ddef144c11-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"13ec753f0f7ac3f2e09cd8fb3d159fd6","sha1":"fb7c640e5ea1b3eb5af719aec31fe04a971c27db","sha256":"69c12f796a581c42a4dfedd57a615fdc0407867c0ab2577507c6afe5320d5b26","sha512":"79c55e8cc4ba19d93751be035f34ffea46704d06b08da0ee65a013c3bb40a7f3295156bc659db38df831457a65d53ed01bb79812b5903f66de13108d99c85e9a","ssdeep":"12288:WKLOlpdbVhOBbi61VlVP30w5qYO8DgLhC9bxl0zY6+wqzta5YpqXl5M0k+3uJH:WKS1/OBbi61/Vvx5qYONFC9VGM60S15M","tlshash":"b4f433f9941e38c2eb42b5617c2f12219dffb09b487f5fe24b40ba6a23dad4443d9458","first_seen":"2026-02-25T03:05:09.960469Z","last_seen":"2026-03-07T02:01:37.469286Z","times_seen":59,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":32,"dns":6,"connect":5,"send":0,"wait":92,"receive":59,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/css/styles.css","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /css/styles.css HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ikILh%2Bmm4xhdBEVn%2FKUH3fhg%2BfGYkp2mb4uumdfJMmFVdev0KaW7q1SnOTx1IdDbiX%2Fmd1mUOj%2FzeNSBEsBYiqON4KLe%2Ff5PLNKC4Paj\"}]}\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 02 Mar 2026 21:13:15 GMT\r\netag: W/\"c474-19cb065eb02\"\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134c7fb5695bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50292,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF, LF line terminators","md5":"b43c724e6677a1679df9ef3dad996ce1","sha1":"2f71b79e5a1c3bab710e23175f850665086f936f","sha256":"2fc99c040a6ccae1cf1e40364120eb8d84ee06bb5280eaeaa047b770c43795c5","sha512":"0caae2983614aa6dae10db7326d6281cdd03762fb2c394a73144ae4235a8edd973ece9f5b86e3a27df4df5ed8c7d362441dbae985040fdf145186df849ce4b16","ssdeep":"192:evmd5M1c3vV4oUqt6R9AaqHGIL7POqqXiqJcTNNYUPetnkXhBI5Y8oz1S5fFJtUI:e2tt6ix+oz4MH2WDQgb3Q5GfJh9vxvq","tlshash":"17333158a71561a66633bbb4aff60719f298a0539b02456e7fdc22450ff13bc41a2fcc","first_seen":"2026-02-20T23:54:40.355055Z","last_seen":"2026-05-04T12:04:43.731303Z","times_seen":92,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/js/chat-support.js","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /js/chat-support.js HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EhLz2m6w7z0zMXE0ani4osv0NnTA0b4Ti5OY6ONML%2F8eFqKTV%2F%2BOjDVQllgH715OvJ6bGgkprbp7V92a%2BxA3NnijBMHbQygl874lF%2Bi8\"}]}\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 02 Mar 2026 21:13:55 GMT\r\netag: W/\"6c3c-19cb06689ce\"\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134c80b5c95bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27708,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"8f56cbba16abca703b3cc18e50a43abd","sha1":"48ad3e29b0d7f0da67d910a1dcba69aeab09ab85","sha256":"c91fc3552cc5ffabcc9de078cd060d2f9503fbd8cae93bea3ee7e0df2e4cc3eb","sha512":"e68d1bedd680727ef3fc3d171a864b13d0ebd086e1f8ebf3f2a3679395a97aa1f15c2fee90f3d598e272a09db811e9b049755a59b5096af707d72a8f56faa471","ssdeep":"768:vy302aY4tXXf/Sr40C+AePT5BEkHqkII7w5asTeFacn+wci27B3a9QcMPU5dhLjS:vyknXXf/Sr40C+AePT5BEkKkII7w5ast","tlshash":"83c2956d20e2103909b3a13fab6b212bff73405b224785207d5e47512f70f94a6b7fa9","first_seen":"2026-03-02T13:47:48.014504Z","last_seen":"2026-03-30T22:24:38.208078Z","times_seen":12,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"laxf2z.vercel.app/api/v2/binary","fqdn":"laxf2z.vercel.app","domain":"laxf2z.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"POST /api/v2/binary HTTP/1.1\r\nHost: laxf2z.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nX-Session-Id: 4b124b9bdafa26cdeb61d9d0e2e5de48\r\nX-Config-Id: 69952789c8df00fbc3e2b8ee\r\nContent-Length: 99\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Wed, 04 Mar 2026 13:25:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BRRXo%2F9giyh5oB%2BeTMItNx58eo6R2alp4qancw1lOhYSiIey2aa2v2y0zp9Pj37qFoq%2BBaet%2FUbiCHKNiq9uA6Wf%2BPNIFpqexCKIdAwaGycrOk5fbO0UnzyTOrtyHuGAeavuAg%3D%3D\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::rptb7-1772630722170-ec12610577a1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":99,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"0ee65576044423747cc7abad668acde0","sha1":"8277a20b22a20c7ebeae06997b626b44f26c64a1","sha256":"d5d9a6dfa52db4791cfe9ace75e190c41811b56b6fb0b376af44e01c87243325","sha512":"50ea0da0cc989dc652451ffb3c0bfe49af4e7d385157ae4d62839f9a446fb7740854fb54dc0901700972a3e9a085792fca16e372fd133144928a40d6615c1e4e","ssdeep":"","tlshash":"69b0120897c31754da63f475d40409145539db4b0e0d08c1b409d884142599183cde40","first_seen":"2026-03-04T13:25:49.726266Z","last_seen":"2026-03-04T13:25:49.726266Z","times_seen":1,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:25:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:28:10 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d7134dde94cdfec-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":573440,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"9e82bdb7983acca90eb7fe803d19ed19","sha1":"2870e60f278ee4bcf7563487c4b24ea4e1e4b78f","sha256":"840e40fe2921365941feb8e53ed092be06f4406b7e13d60cf73416d506eeed8a","sha512":"4e6cd4b9644367fa27ca8c9108314baf917c1b99382663468ae6656a4e27bee0d08bad87ed60f4da8a0dd14535de292672feae75b053d9e74e8a4a69677075a9","ssdeep":"12288:VEznytgluvfiMoSnqYsA4Xp8fvndMMr95Hl42YSbZQxiVg:avufiMHLszpYKMLHl4XSI","tlshash":"90c4236944bc5d85222902252a59357c2013a07e98f6bc7cb2bcdf9dc9cf9bf4de80e5","first_seen":"2026-03-04T13:25:49.72862Z","last_seen":"2026-03-04T13:25:49.72862Z","times_seen":1,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":32,"dns":6,"connect":5,"send":0,"wait":153,"receive":20,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-04T13:25:18.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncache-control: public, max-age=0\r\nlast-modified: Mon, 02 Mar 2026 21:14:35 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j01oZ02BDD0gxBuQ%2FEYt6Ek5inyqpz8dN5ZTrjHmGL07goCyFlJ68qHlTqJlqhTbJtzTmYlMFlmm%2FJDrSNjmuC%2F3VWVo8iZaYyT4vvsM\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9d7134c6ca193017-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52317,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1311), with CRLF, LF line terminators","md5":"30b95ae6ccb573cbb2fde97c7205786b","sha1":"6b0ed9a9f8e08e28100c76ce1b86b674f00c97e3","sha256":"a8c22f08f941173912a1ab5b9c64f701e69fec429f36b92ca21cb45c76f69acf","sha512":"3e46c027347e9c0f468f67eec982eeba62e98d09f5aeb5316f768dcf1d0b131b2dd3c1356c6c74ae85ec1eb4d7c504eddec8b7638603993b5d8cc671d35eec5b","ssdeep":"384:OsltsJs6L9u9YKplKnJDTrjhTxyfNmFPFmtnKrnOHswj:Oyt0OxMDXjDywPF2Pj","tlshash":"993383b452c4043a9173c2d9cb253bbafeaa8183970a9115b6fc27a75fb3c45dc37198","first_seen":"2026-03-02T13:47:47.976239Z","last_seen":"2026-03-04T14:00:15.965445Z","times_seen":9,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":72,"dns":43,"connect":8,"send":0,"wait":49,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"pump-funds.fun/css/chat-support.css","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /css/chat-support.css HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bw%2B3MrVysPfN8Djb%2BA6Ua2iCk5qOBCfK0nvmtCaEtKbtUPq%2B4%2BYM%2BLkrB2rpcfsMD2cDhVTMVmrzXEm7YE4NGZ%2FWE5ZJ94WZpD9oc%2BdM\"}]}\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 02 Mar 2026 21:13:15 GMT\r\netag: W/\"37c4-19cb065eb36\"\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134c7fb5895bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14276,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF, LF line terminators","md5":"e7b1486c350960d2e159fab373273845","sha1":"602259772e9a91c32b4c914e2f1263678967f03f","sha256":"b911a220da794ecf28d5690d69e2799203f9064b844c6b2bb601858976ac4c0c","sha512":"76e8f194e7007e3e0f8e283e03b19c7735508fde045c72ae8fb6fc3e95a5e0e4c80f3b3d515810c1ce902131313af84bdbfd9209ab245112eb82efedd934b60a","ssdeep":"192:1RjmabwEOS9ei+DVDU6NVFnxiTQ+V10yxxpgTVSpcCpBxTV6g/8v49M9V4A6WwcH:JSrSVzBSo+4v+","tlshash":"a5523278d601506a7a77a7b4afa94605e2a910439b03417f7bec51b90fb23fc8261fdc","first_seen":"2026-02-25T13:18:14.499293Z","last_seen":"2026-05-04T12:04:43.733461Z","times_seen":77,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/js/support-modal.js","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /js/support-modal.js HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WQ9siKqXxvhgTQdb%2BEDxR55RGDEgrCYSUSf9qczozy7hdEXHXSDgxq6PpJ3nGlkEMxTPIlmIoVjVxbgShgJA8i7Xm9LMcHDIijzQMlaU\"}]}\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 02 Mar 2026 21:13:55 GMT\r\netag: W/\"17de-19cb06689a6\"\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134c7fb5a95bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6110,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"bbd0d55de929b6da87749509c9226f95","sha1":"39b7411cced962fa7ad4432ffbacefdec087d011","sha256":"322d44f191f8dbf416f43e4d1c3c5e8e2d1f8212acceca78f031463732847067","sha512":"eaba099111a0039761e4808f2c7d66f69a206d1a2122ee8fd4bc0e7f14f4be6828be26fca1c465d9678048d85cf515c609b6176a01c3fc5747a9280a71f72457","ssdeep":"96:mMj8hbkY0x1DITLcj7oY8MOOz7XfYJHoGqCJXuPCOJWfBlH3:8hbkY0xl2LoUaXQJ+CJXuqOJWH","tlshash":"7ec1f2b45abb3021845f606b7bdf1a673e3480875c49f511bd3c83914fe58aec863b54","first_seen":"2026-03-02T13:47:47.997789Z","last_seen":"2026-03-30T22:24:38.2136Z","times_seen":12,"resource_available":true,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-funds.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 550643\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-05T11:07:53.039119Z","times_seen":166793,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":150,"dns":3,"connect":8,"send":0,"wait":18,"receive":3,"ssl":132},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-funds.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 550643\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-05T11:07:53.039119Z","times_seen":166793,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":86,"dns":0,"connect":0,"send":0,"wait":64,"receive":10,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","fqdn":"laxf2z.vercel.app","domain":"laxf2z.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:19.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"GET /demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F HTTP/1.1\r\nHost: laxf2z.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\nage: 0\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Wed, 04 Mar 2026 13:25:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uxb72J7NFMRVgNoL%2BHWTPRgLggRdUlOE1r3693ktOROPCfe8O%2Fv%2FrXJTdJAxaAjTEz4AbyWm%2FCq6cZcAWm3rjDSA8xlhwiWHZnqpcqaO5w02ZBT5V2SGE2F8KPi%2B9kEHrxp7RA%3D%3D\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin,Accept-Encoding\r\nx-ratelimit-limit: 50\r\nx-ratelimit-remaining: 49\r\nx-ratelimit-reset: 600\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::rdk72-1772630719228-ab8de9ce7c3c\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2851327,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (33714)","md5":"45324415aa2cc9690e1e9a5ec6383d06","sha1":"20ca614cfd44b2ccba0f83d22ea78816357a2174","sha256":"b7b9a14b608bcf0b81b9743de2db854b6537f7677247809a702db636da36510d","sha512":"4c0db1eef15003271bdfdf64f78c5d99ed67e7954261e82d79e9beb813d7498e1cc5dfd8210f65c2e1dc2e4e3ffa10a81c863800aaf877f86c8cd5727183ffee","ssdeep":"12288:C44LZxNuaZYNUIFPfLUlKY4Ue+jFy1rq6c5249AZQmYN8Ge5CK3i/R0u4gpJm:C4cZxtaUFBE1r5c52aAZSu3iZ0uTJm","tlshash":"68256cb073a1b07a03eb92d594661100f334941a700d84acfbaca9eb6f959cf957bf35","first_seen":"2026-03-04T13:25:49.735563Z","last_seen":"2026-03-04T13:25:49.735563Z","times_seen":1,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":45,"dns":17,"connect":1,"send":0,"wait":10,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/js/script.js","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /js/script.js HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GwEMf6CRusqtuadmVqs1i%2BxNEZ8Bdk5oCfj%2F23QvvrSP7b4kBZ8uImV7qLdavBGXsFW7nz2rsg12hhI2vlmnlHi0QfTmaxWft5W5pDJi\"}]}\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 02 Mar 2026 21:13:55 GMT\r\netag: W/\"4369-19cb06689d2\"\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134c7fb5b95bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17257,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with CRLF, LF line terminators","md5":"660a62eebc4c6cf6fed68ad4b85f3b10","sha1":"a3f8d5d53115ddde637292ffb3c6a9204bc52e66","sha256":"ab5d39d2222926cb3a35cef1cf1676b49552102440bd773da930d99faa086392","sha512":"a904c9cb52206a1d14065f55e5764d62196e6ccdf879077a96d6eb868dc9c2b4d80fd56667836ca94e21dcc86a3ed8d943ae1513ce69c891fd5c74849daee394","ssdeep":"192:yw5kX+sObyHw1HBFUmyAjt4hRYIkbw2uCymH2fqMo2GtrVr1TY+s1BUC3kFwxka8:yILsObybQ2No9TozT3avcZc","tlshash":"2672636da5b1003586b3727a1b9fa248fa3340633505ce043e1d8b446ff2b559ab3fd9","first_seen":"2026-03-02T13:47:47.981894Z","last_seen":"2026-03-30T22:24:38.198912Z","times_seen":12,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/images/pump-logomark.svg","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:19.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"GET /images/pump-logomark.svg HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:19 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XvVoB%2Fd41Ji3LSFSsjbn3EANd%2F6LFtSwD3PxOdBrXbYVzhWWJR0yeCOfzDmMa5NV2v24vadUHr6JrBQlnb8q5J4Ah9h03Lb4CpDFjIv7\"}]}\r\npriority: u=6,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 27 Feb 2026 12:45:37 GMT\r\netag: W/\"a64-19c9f2215bc\"\r\nage: 0\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134cbbc6295bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e13e575d784e1c0623f9eec1240b21d","sha1":"b37951e967df5b53bd4446b1a3e48c1bd56d9a42","sha256":"8d3ae3eadbf555b9f5302c2c31429ff8420e90eb8eaee34b3fc0e7781566f1ba","sha512":"218ec60489e62cdd55510bb31f30c9b0b149aeec374501ed9b04d7003409a39df4883038765a7efd829af3e534a83c60ce58ea742bc79065ef0b28879c442279","ssdeep":"","tlshash":"7c5172ff6b444de5de86c2f8eb252ad7782a24d97121464193d43f2a740236c4d8ac93","first_seen":"2026-02-20T15:35:56.995338Z","last_seen":"2026-05-04T12:04:43.719425Z","times_seen":123,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"laxf2z.vercel.app/api/v2/binary","fqdn":"laxf2z.vercel.app","domain":"laxf2z.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"POST /api/v2/binary HTTP/1.1\r\nHost: laxf2z.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nX-Session-Id: 4b124b9bdafa26cdeb61d9d0e2e5de48\r\nX-Config-Id: 69952789c8df00fbc3e2b8ee\r\nContent-Length: 99\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Wed, 04 Mar 2026 13:25:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KQkHuymX5hgxIu%2Fgsv2poxLx3AkAD9rifP1Prg5jBaaij75sQRsajx92gz3dtoUdscq29O43Ud127CLIWPR8wwbcRIJo1fGtAqOHNjEKCRtZpVUTcsdXCBdefv5AY7AsAP58ow%3D%3D\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin,Accept-Encoding\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::p85rs-1772630722037-697c57359406\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":995,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"7ab996719ef1d35cc023a9645592e2c6","sha1":"ae404a43bc453a78ea6531cb034e5267e73e7028","sha256":"d030393211d1f5aadd8213b26cb9fb6208d4cb21e2191234f31d9964cefde70e","sha512":"eeac5d1d722f9065f9caf1f4e520965ccd544428efdcb27bacc319173332b1d1c30991cc67408d4d0106321a1d05253d31bb2dd5c5db6793c51d439dbf2f897f","ssdeep":"","tlshash":"2d11cc519fd00365e97e3cba25f391deb9951014f0ef7b59047c47d5f07866416092cc","first_seen":"2026-03-04T13:25:49.739977Z","last_seen":"2026-03-04T13:25:49.739977Z","times_seen":1,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:25:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:07:07 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d7134df0eb132fa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":213119,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"649da5f254c056f3c1fc38e08cb3f666","sha1":"03645211c137d5788b6b65d630200f79044829c2","sha256":"6ad3db2eeb5746177cfedb6a5c4def7220e66d9577b58219aef2c93635329ccc","sha512":"80b065cf64b8bd60aeac89398cb78a1f0402dce9f8e8a5c8f43e2852b1bd5a14ba2cea4bca0f23043f3c1874ccb6efc6e12ca4a077be6f225bd31686a940c517","ssdeep":"6144:bfw++FELEn9n81uoNI/ssN2OlwXVAQ0Glh/tNEkF/G7Po:bw+YEyoNI/qVAQPiktG7w","tlshash":"342412eae0bd5b169d281464222d1fd52ee301796dfd3c3223819d6e9f83c6a3ec8459","first_seen":"2026-03-04T13:25:49.742119Z","last_seen":"2026-03-04T13:25:49.742119Z","times_seen":1,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":183,"dns":0,"connect":3,"send":0,"wait":105,"receive":4,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-funds.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 550643\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-05T11:07:53.039119Z","times_seen":166793,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":79,"dns":2,"connect":7,"send":0,"wait":75,"receive":16,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-funds.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 550643\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-05T11:07:53.039119Z","times_seen":166793,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":147,"dns":0,"connect":0,"send":0,"wait":19,"receive":6,"ssl":130},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-funds.fun/api/site-presence?event=pageshow","fqdn":"pump-funds.fun","domain":"pump-funds.fun","tld":"fun"},"ip":{"addr":"104.21.66.99","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:19.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-funds.fun","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:20:04 GMT","end":"Mon, 01 Jun 2026 17:20:03 GMT"},"fingerprint":{"sha1":"18:C2:89:63:15:54:0A:5A:93:2F:0B:6A:D6:83:A4:6B:CD:35:E3:84","sha256":"E0:B3:71:92:1C:74:84:66:96:45:75:D7:1A:97:9C:B1:CA:C7:A7:D0:4B:9A:A9:57:29:8A:E0:A0:D2:25:C9:FA"}}},"request":{"raw":"POST /api/site-presence?event=pageshow HTTP/1.1\r\nHost: pump-funds.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 114\r\nOrigin: https://pump-funds.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":114,"data":"{\"status\":\"online\",\"event\":\"pageshow\",\"source\":\"main-script-pageshow\",\"page\":\"/\",\"visitorId\":\"v_523623ea69a908eb\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 04 Mar 2026 13:25:19 GMT\r\ncontent-type: application/json; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NlwnD%2BdLi0l%2BbMOo5p5GzsENQeSxRySb%2F9F6K5WGxgU3L5mRfl7GGJ6qjyZttvWRNnnXao6%2FDuQlvVxgREuSnYVyFBr%2BpN1IXDuj27UG\"}]}\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\ncache-control: no-store, no-cache, must-revalidate, private\r\npragma: no-cache\r\nexpires: 0\r\netag: W/\"60-zgWueyNKeGhIVHNBjq/8mwW9DFU\"\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d7134cadc0895bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":96,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6e14759f46f68bffd49f7a7fadc90b3f","sha1":"ce05ae7b234a7868485473418eaffc9b05bd0c55","sha256":"053dfc5a07e1a87427ecfa591eefcd3928ffd6eb42ec6b8091d42a856486f2a4","sha512":"7f4ae17686a8704db78d3ff1f25338d2f3d7da20887d75fc3428b1dd400811ea379e743c50d6b7e360f87af0144230ec6aab389161d650ddb2981f940d4bc893","ssdeep":"","tlshash":"d5b01244546810315088128210140e102edc58f3e2f31c95d14e85403943289a1b7803","first_seen":"2026-03-04T13:25:49.706003Z","last_seen":"2026-03-04T13:25:49.706003Z","times_seen":1,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:25:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:05:42 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d7134dde93db1b8-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":233152,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"adf19febc8ba2de10050f7ff84ffb0f3","sha1":"97fe26f04f3ec61ce818c62d1db4998d57c58419","sha256":"1e2f9481585f44b30d47e1821614a195bf061093a3dc6aa7ff81bc9678894d6a","sha512":"b09d3f3e1a8deb339a5f607e337bae4bf3ad77760569ac60701a4b9d75bb5317819150005bddec753ee0e21f67e4ad031df71f8a90a69b3fb7139a7bd25b73e4","ssdeep":"6144:VEWnUzTsEyqI/zk5a5+LlHuvfiMjsjOxWWUtWqLhasA4T:VEznytgluvfiMoSnqYsA4T","tlshash":"dc3413d4c57cad83612f02551b48e5b51113a1bd88f7bc2570e8af4dcacfaba2ef4095","first_seen":"2026-03-04T13:25:49.744189Z","last_seen":"2026-03-04T13:25:49.744189Z","times_seen":1,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":34,"dns":1,"connect":4,"send":0,"wait":222,"receive":5,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:25:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:26 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d7134ddefe8c759-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":233152,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"7a3e865e740726e79a5e6ed50bc7279f","sha1":"480b7007a904c9de6534fca0ac389a3afd054f82","sha256":"b22a67b15281c324fa145451bd31e7b7823e2238e10c2c8248833e871f1c29bb","sha512":"a088e76de194bf3d343f0cb5b9cfe12542f38b809314d7a0d3be0bb33c9433de976b13d4b24b589f0161af8c41bc6769cb0e4853caf64812875dc3d38c667863","ssdeep":"6144:SX42j0QXJrmMAYOKE2myyXuzV8ozZAZCewP2Wbu+cGyiQv:/2TA4vVLmF/WbRE","tlshash":"3234127ec63948c16aa601146f2412700c9368aceef7f92307ecdf68d647d6d6ef2256","first_seen":"2026-03-04T13:25:49.746162Z","last_seen":"2026-03-04T13:25:49.746162Z","times_seen":1,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":30,"dns":3,"connect":1,"send":0,"wait":219,"receive":4,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:22.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:25:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:30 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d7134dde803c759-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168728,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"aef89fcf6930bd8b2f0d94658eb21bad","sha1":"07846d7c8618945bd1f3e1cdc1a9c52b3f4a2e96","sha256":"658bc287001cc74df2ac5a88b151958b32862a38d29d08e66ab48d8cbe2247e2","sha512":"ec0ff447badd451d56a1c2e127b892ba0790f4d2347fc6d7c701974078cbb19b4f24c0f72f5212f989eb09d4051e0f8aaf441ae586e8d89f6d939e3589d5f4a3","ssdeep":"3072:W5q1q9QYl/IpgAudbxUMojrOSzvUR6wFnW5ZLaMoxmKp4AdWkcCq:W5q1Y6gAQxUROSc/naZLtHKp4AdWkcCq","tlshash":"bff312f998fc0c46f94d76503356973789afb01e08b76cb60be67b806b8e46d42c891d","first_seen":"2026-03-04T13:25:49.748142Z","last_seen":"2026-03-04T13:25:49.748142Z","times_seen":1,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":32,"dns":7,"connect":5,"send":0,"wait":224,"receive":8,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-04","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:01 GMT","end":"Mon, 27 Apr 2026 08:38:00 GMT"},"fingerprint":{"sha1":"AD:23:3E:9B:CF:2B:A1:EC:31:14:63:D1:58:73:BB:E7:C5:32:16:8C","sha256":"B1:5F:45:BF:00:8C:68:35:D3:42:B2:67:66:47:9D:BB:42:41:07:56:3A:C4:1C:D6:10:7B:B7:53:C2:71:81:33"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700;800\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 04 Mar 2026 13:25:18 GMT\r\ndate: Wed, 04 Mar 2026 13:25:18 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12635,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"4b1d52c19ccef2398d1de007b3c9a55c","sha1":"c57fa2bcac927a7d60c526cb7ec2b6249019dfe7","sha256":"05f842619ec9f615de0b749034eadaea60e3554d798683fb01ee1eb27abd1e68","sha512":"9dfc4ab3832325eb1438bd85674e15ceb62771b94f06ea8e48a2e286453d571218df3f6727b8df4c1bdfa47218eb5fed0298601da289391a736a76a230d68c3b","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGfNx0NO3kCxHx:vXuM0p2+g7r","tlshash":"1e427892002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T22:54:08.549336Z","last_seen":"2026-05-05T09:10:43.358819Z","times_seen":4796,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":80,"dns":0,"connect":7,"send":0,"wait":19,"receive":0,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-funds.fun/","date":"2026-03-04T13:25:18.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-funds.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 550643\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-05T11:07:53.039119Z","times_seen":166793,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":142,"dns":1,"connect":23,"send":0,"wait":21,"receive":5,"ssl":114},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"laxf2z.vercel.app/api/v2/handshake","fqdn":"laxf2z.vercel.app","domain":"laxf2z.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://laxf2z.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee\u0026parent_url=pump-funds.fun%2F","date":"2026-03-04T13:25:21.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"POST /api/v2/handshake HTTP/1.1\r\nHost: laxf2z.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nContent-Length: 71\r\nOrigin: https://laxf2z.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Wed, 04 Mar 2026 13:25:21 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5THL5v4pAGw0%2B%2Bt0pFDB4OMeG6xVLKXgoEru8Q5UIXmOwZZ5yFfU%2FSADA692aTV2mBRI6WnaJzuTaUp6ZMyO7HLklwsfVVO35Pea4Fis03r5IFAWEbG%2Bpno3z71Wgalo6BbJ3Q%3D%3D\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin\r\nx-session-id: 4b124b9bdafa26cdeb61d9d0e2e5de48\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::rdk72-1772630721812-0407a4dddc88\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"09da3f48a9e450856b8503fd9a138cbf","sha1":"8cc369531ccc873291b26b581e641cc1db7c788b","sha256":"8ccd728a400cd15f4b7dbeeca198e5795332daf0f8158dd4e63a8da17594490a","sha512":"04f2aba4d73f93ec8f42edf33cdfda99ebcaf6a2f0c8a636e868eef8b0e5962533cff8ab43793949a353562893ecdbc1a3a89ed2137e15aeeab89580961f425b","ssdeep":"","tlshash":"c5a024113031f30cd50455f0d5400c0d01c54f0100554c54c1f0d00131c400107fd104","first_seen":"2026-03-04T13:25:49.751001Z","last_seen":"2026-03-04T13:25:49.751001Z","times_seen":1,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}