{"report_id":"ee3c33f6-2d37-4d9f-ac0c-0c77abb0beb5","version":6,"status":"done","tags":[],"date":"2026-04-18T18:07:26Z","url":{"schema":"https","addr":"usdt-qrs.com/","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"usdt-qrs.com/","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"title":"USDT QR Code Generator — Create Tether Address QR Instantly","dom":{"size":9896,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (444)","md5":"95316b59ea35192155e27043d2e3f787","sha1":"7bba0d25531463bbf718924f3612297786570ecc","sha256":"3b290219029b900ed3068a0c22369803e73e2525baa7034670835021a88187d9","sha512":"ec7e56316975444515101f9c965f8c612e08f6daf7f68b1d5405064e04f28888e19e7e244f14dc40e4c1ebfcbf7353aa259a93b1391c3a078a5051056205eebb","ssdeep":"192:s9jV7V9mmKIY1KvcXsk1GXx6LGbwwQtA7MzCiH7gzytMkyozygTZWJw:Sj9DdK5KBk1GXx6NxtApQWJw","tlshash":"a412d70be684a46b020111426dd26f6693abd14be3449cb07fac426f9ff4f1c893b757","dom_hash":"domhash83bd82e04918b5210b06eff9bc5b27a3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"usdt-qrs.com/","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-23T18:07:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"usdt-qrs.com","ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-09","domain_rank":0,"first_seen":"2026-04-18T18:07:18.396895Z","last_seen":"2026-04-18T18:07:18.396895Z","alert_count":22,"request_count":11,"received_data":141836,"sent_data":4716,"comment":"","tags":null,"fingerprints":[{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-04-12T22:33:20.808909Z","alert_count":0,"request_count":3,"received_data":372382,"sent_data":1331,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-20T09:42:43.794084Z","times_seen":122215,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a07da9fae934baf3f749e876bbfdd96","sha1":"46a436eba01c79acdb225757ed80bf54bad6416b","sha256":"d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad","sha512":"e525248b09a6fb4022244682892e67bbf64a3e875eb889db43b0a24ab4a75077b5d5d26943ca382750d4febc3883193f3be581a4660065b6fc7b5ec20c4a044b","ssdeep":"6144:+tah6/K+TCtlMhTze/RZcYmDizK8dB7alFys/WL/umH4N0IPfKu5AA11vrIY:9pZcYmDcHwFygmY1PfjAA1Br3","tlshash":"f844a4d8fb8d112e423231aa9c2f12cdb77dd171560458aebd4d597c24a083d82faf7a","size":271751,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-20T09:30:08.259719Z","times_seen":51342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/js/3.js","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6227fffce83590ed42c7d9fa84ae06ba","sha1":"7a507c89e3aff22c96711428d5e9b6924bf3905d","sha256":"7bab28ac7a43f2cb6a0e9dcca98922241209f1d74fa0d2ee08a4a66977dc26ac","sha512":"a39f5cb7dfb776c641f2f715eb764ce10d93b6cc448e379ed2627f79516cef92237a51b347857580b9fe54b1b298cae49dba4d22793101c4c2671db98e9a33bb","ssdeep":"","tlshash":"8421ee5cf8e32644827335b5891f818635b726e3212def50354cdac28fb8939e46e6a9","size":1366,"data":"","first_seen":"2025-08-09T17:43:34.102576Z","last_seen":"2026-04-18T18:07:27.754322Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/js/1.js","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"74cf11fc1c9b32764d824821eb23fb2f","sha1":"3554c22f150dff6fb2ddc169d86c920a12e226fa","sha256":"8616a85c0806ef5e61aa88f539ae464f95a01ae488bf62f68e10a56924193823","sha512":"4fac8719864de02937f158778175b0345a6913d4a90054a41baa9eb32845864c6b467f8a5d4ac8c5199d96abc6d0f219de1dca80d3ad8eedb3f60fa776740c69","ssdeep":"192:jBNCS5JkwjO/QWN8Z9vw1kWGHkxR9+fpfn4q8b/UBf2msGRmcvUyFtjtE:9NCSXkqaQac9vw1kWGHkxX+fpfnZ8b/X","tlshash":"b112ecc62fc466851b67a3fb253b20c0f126088d6d814c36d192ebf4f5a391ade995f0","size":9227,"data":"","first_seen":"2025-08-09T17:43:34.112039Z","last_seen":"2026-04-18T18:07:27.762537Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/js/main.js","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"37e389e67fed235bc1b909e12da21594","sha1":"9773cb54535c3e819f27a16ba0198137851a83ed","sha256":"6ef13e7def4e72eaa323bfc3e231521ec93cda6abaaf4f4ba5d74965b77ab161","sha512":"2f21d91cba9bbf104a8ecf63d21909f12e988d2bdd423b2e7e0d0e59d0e56358c8e1ab38d31e812daf85715d004a6301ce782d408126f98f6eda724bf4e1f683","ssdeep":"384:HeNSaNiN79U0BmzpWwY6zAAdTR0PeU6EPb1R/7pyHHqsgl41YucMRlyyT71O3yZj:H86QfY6e6ET1R/7kWqcMdToyZiK","tlshash":"89a2c895b28062e553926ce2082f504bf175d8267c0e8554eb36d4e2acf8fda4877fbc","size":22843,"data":"","first_seen":"2024-12-10T02:49:22.609835Z","last_seen":"2026-04-18T19:17:44.498392Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/loading.js","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2958fd861929271b389b0f421b67b3ea","sha1":"1afe4fe17943e08d31135b9bdb3834e823836dd9","sha256":"58785917f1da3a3daca043b1923667637de3e3faa430c8f9f43c43c2ccaeee66","sha512":"d5b730fffb57cc694fe4646f91e25a619b23c6f0e51546176e8c6101dfe45dd4236db3466a054ea6e1e3f47ca31b889948e25a3086c01c1c66f8b38ea0eacd5f","ssdeep":"96:lemy173fPrWgYdmEX43S5cixEn7kt5TNwn:lls3fPqgYdmEX4C5cixEn7kt+","tlshash":"4bd144b4abf7a94c902ba0671e3f2204156509130905edad7fcca7cc9fc922d56b77a1","size":6268,"data":"","first_seen":"2024-12-10T02:49:22.603693Z","last_seen":"2026-04-18T19:17:44.527152Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.0/clipboard.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c35192f6f3c8655e3d1bd927b3352b7","sha1":"257a1794bad17f3ae5839a178812b5b6aaffb1b3","sha256":"917c34325688477abe95a4d20090d15774bd2c98c4587e6d3f0bf5944835e86d","sha512":"870fe1813947c6d445669e5244b87ae6805552a97c91a81398d4da5d87f3e263f6661ebac2e5c341ad897fb3840bead6e15b0b8fe2a5e8c78ccc204edeaf1b60","ssdeep":"192:X4Hh4LyP153pPJ7rVWLBTwuLJ/eXbA5gpEHa4Lyc2mltIjk1QGo:XJA3JVVWLBT9LJ/eXbA5Tj2mzg/","tlshash":"9622855cb280b1b19ae760a9813f424fb371a469709a90d4b239e8f1bd78dcd5467f3c","size":10661,"data":"","first_seen":"2023-04-06T14:32:39Z","last_seen":"2026-04-20T06:36:06.624947Z","times_seen":3006,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"usdt-qrs.com/","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T18:07:04.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 18:07:04 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 22 Jan 2026 13:37:50 GMT\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NDqQ6McI24ZRK%2Fo53gZ5tLRlXnxpuq8sHrR3WAZyWfv%2Bhw8vAvkLK%2B5Ba3vT9722JkxKETOxtdeQEHayGO4%2BIKI1V1C%2FtSPmcT0ScNRxOrO6ilKJM5awMCfS0v30EUw%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9ee59b671b55569f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9960,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (444)","md5":"b39f8f51f0c9ae9c21d9cd8ac115c603","sha1":"6b1015762ba7bc87bb9dedf00ab7cd560c5b669b","sha256":"f2014500252213d4dfa57f11efea6f21c000d030cef2e647ce330f1985b43ce2","sha512":"66c64b85c806ac97bbe6d6163eac301f6fc84f6d636830b60036ede3275f5debeaa8acfd9a822ca9009b816b7f69c6d88de39f77b417a8cdb0a3725bcd3f36f8","ssdeep":"192:4AjV7V9mmKIY1KvcXskm/zLGbwwQtA7MzCiH7gzytMkyozygTiUJw:xj9DdK5KBkm/zNxtAphUJw","tlshash":"2422d80be684a46b020111426dd26f6793abd24be34498b07fac426f9ff4f5c893b757","first_seen":"2026-04-11T11:06:29.734875Z","last_seen":"2026-04-18T18:07:27.75073Z","times_seen":3,"resource_available":true,"data":null}},"time_used":177,"timings":{"blocked":18,"dns":1,"connect":1,"send":0,"wait":136,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/css/main.css?v=1","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /css/main.css?v=1 HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 22 Jan 2026 13:38:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69722850-38a3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nage: 11\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r7566XbWhJ09ddy1VZkNwraH%2BDGjnvIaWZ0xJddINO4dczgutiPLR4NbH3uHUD1kFtID1gNTSb1qQywknenkVBz%2FSz5P%2BnqryzwU8igFn1ZAI3A5UqMgRf6OPUsMlyE%3D\"}]}\r\ncf-ray: 9ee59b694f991a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14499,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14499), with no line terminators","md5":"b1bd0cd4cce03329140329a8e14ffea1","sha1":"1bafcb4f17724118983d3542cd2ecfe6d14e0a47","sha256":"7ac757004ce210638367b0d70d9ecf4373f11bd1e3ff9f845eb8ecae31c1189d","sha512":"21efed25306926bf2db2a36631e3c0a25da483274618bac1efea786a57e1998df12e69da330e86504c2a12a1e181856566a6427274d1f4da6ece504267c770aa","ssdeep":"192:Mk3QGQt/2CHvif7UqEBsx2Tep4kvE1XrIpRGmLvwD9e5CC:VQv3Bst2krRGm2C","tlshash":"505275118a88210fb0574735dbd2ea44323e8541fc620baefb793199c7e718e937f696","first_seen":"2024-12-10T02:49:22.595087Z","last_seen":"2026-04-18T19:17:44.518473Z","times_seen":34,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/js/3.js","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /js/3.js HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 22 Jan 2026 13:38:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6972284a-556\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nage: 11\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kg9s12DqoFHX%2FujbQhg445sJobonE0V%2BsS5borY7hGavN3H7zDkUA7wBAgNDdqCZysC7Bvy8gfe1vuwbgbCqFL2Z01YlAs92Ebu3Itzq89n%2F50EM0%2F6eH%2FXthtmAK6w%3D\"}]}\r\ncf-ray: 9ee59b697fa71a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1366,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"6227fffce83590ed42c7d9fa84ae06ba","sha1":"7a507c89e3aff22c96711428d5e9b6924bf3905d","sha256":"7bab28ac7a43f2cb6a0e9dcca98922241209f1d74fa0d2ee08a4a66977dc26ac","sha512":"a39f5cb7dfb776c641f2f715eb764ce10d93b6cc448e379ed2627f79516cef92237a51b347857580b9fe54b1b298cae49dba4d22793101c4c2671db98e9a33bb","ssdeep":"","tlshash":"8421ee5cf8e32644827335b5891f818635b726e3212def50354cdac28fb8939e46e6a9","first_seen":"2025-08-09T17:43:34.102576Z","last_seen":"2026-04-18T18:07:27.754322Z","times_seen":6,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/faviconusdt.png","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /faviconusdt.png HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 1351\r\nlast-modified: Thu, 22 Jan 2026 13:37:46 GMT\r\npriority: u=6,i=?0\r\netag: \"6972282a-547\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nage: 11\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BLvExGoJXUoVWAvZtTome5Cp61haw%2F7s76GISldk%2F5vP6J1hO3QmQLPEN9YSpCmlKZRh%2BP19uko9AZiJPhiX3d0szWGfJZyLhhwLqnq5mUaT6r3AIXTb4iZCpwOugY0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee59b6abfd81a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1351,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"99c10daad952643944ccca57d40dc197","sha1":"351444b56a806a47fc5cc6fdaeb312cf4a0f9f5d","sha256":"8349298c758486a93dac31d1efb9096e47fc29f67a0a2a54c3f9f0942b759eab","sha512":"fbbaf5c1c381bf8838ff718634a07926c3cd1f6445a5634ad58e001c398ebbb99045c88967433c8ec770669dccf293ec97674abceda847e4433d6390cd713fa7","ssdeep":"","tlshash":"fd218853b6338832d502f53f30fd2ad4dcd2590f151f2495e510745d3c280db255b302","first_seen":"2023-10-14T05:35:54Z","last_seen":"2026-04-18T18:07:27.75593Z","times_seen":12,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/jquery/3.3.1/jquery.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 66920\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03ec4-42587\"\r\nlast-modified: Mon, 04 May 2020 16:11:48 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 2005776\r\nexpires: Thu, 08 Apr 2027 18:07:05 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EPTRWFdcoAxT1T3ukBm%2B9h6p1ldtWcAWdo2hGdO44WS3QbQQ3uYVtSAy9je9krY8uwMtk6xSraNG4xXS3%2FO%2ByC1pviu3994UxTrRvV2h4dkVx6us%2FkGcmGXm4CGBj7xnLKDBsuzU\"}]}\r\ncf-ray: 9ee59b699f24b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":271751,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"6a07da9fae934baf3f749e876bbfdd96","sha1":"46a436eba01c79acdb225757ed80bf54bad6416b","sha256":"d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad","sha512":"e525248b09a6fb4022244682892e67bbf64a3e875eb889db43b0a24ab4a75077b5d5d26943ca382750d4febc3883193f3be581a4660065b6fc7b5ec20c4a044b","ssdeep":"6144:+tah6/K+TCtlMhTze/RZcYmDizK8dB7alFys/WL/umH4N0IPfKu5AA11vrIY:9pZcYmDcHwFygmY1PfjAA1Br3","tlshash":"f844a4d8fb8d112e423231aa9c2f12cdb77dd171560458aebd4d597c24a083d82faf7a","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-20T09:30:08.259719Z","times_seen":51342,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":30,"dns":1,"connect":1,"send":0,"wait":10,"receive":3,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/img/download--white.svg","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /img/download--white.svg HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NJuQgGuIrFfQz%2F2WSAO%2Ba3Ki%2FFdqkfvYexpZUtLLRpxAE8V4Y2oRH2mYs2xJp%2Bs%2FoFWsMjv47QMBvtRjS8tWgVYrnoXrlbEnUW9K4a%2BIp3IVZZ9764bFJPvQ0PNitVA%3D\"}]}\r\nlast-modified: Thu, 22 Jan 2026 13:38:42 GMT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: br\r\nage: 11\r\ncf-cache-status: HIT\r\netag: W/\"69722862-1c1\"\r\ncf-ray: 9ee59b697fa51a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":449,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ec18d6e84c3cbefd322ead601cbfd8f0","sha1":"94fcc4898c0b9088e97f15152aaa6ff106ccc0a1","sha256":"6697d81b51a21744dacebd4f0a35cce24551d4185c9b47a3de7dda2c7212b90b","sha512":"8b0a965c70c481abe7dfb9b402911831746c82850c3690bc18d4a9881114ac25568241f7d2960f2d02d7f428288c5fe455ea257ecc50999160b1854be850b36a","ssdeep":"","tlshash":"daf05c95e70cb40828c58da19f2ce5a4251f30b82fd986d2c6852b1407879c99039594","first_seen":"2024-12-20T10:58:56.891313Z","last_seen":"2026-04-18T19:17:44.497739Z","times_seen":33,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.0/clipboard.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/clipboard.js/2.0.0/clipboard.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2905\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03e29-29a6\"\r\nlast-modified: Mon, 04 May 2020 16:09:13 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 37889\r\nexpires: Thu, 08 Apr 2027 18:07:05 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S2fUEDEBi0AkcSQVmccUZMFaZkTzl6t8hPWRDFjOUXV0aAZzDL8axfcmkbQbZKIOQN7WMQ%2FkiA34ky%2Bjo5Qi3lvCori2IHzuR5tauECocBLLwwvDimqR%2Flgbg8dAzVhNPowLfKoo\"}]}\r\ncf-ray: 9ee59b69af3bb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10662,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10552)","md5":"7c35192f6f3c8655e3d1bd927b3352b7","sha1":"257a1794bad17f3ae5839a178812b5b6aaffb1b3","sha256":"917c34325688477abe95a4d20090d15774bd2c98c4587e6d3f0bf5944835e86d","sha512":"870fe1813947c6d445669e5244b87ae6805552a97c91a81398d4da5d87f3e263f6661ebac2e5c341ad897fb3840bead6e15b0b8fe2a5e8c78ccc204edeaf1b60","ssdeep":"192:X4Hh4LyP153pPJ7rVWLBTwuLJ/eXbA5gpEHa4Lyc2mltIjk1QGo:XJA3JVVWLBT9LJ/eXbA5Tj2mzg/","tlshash":"9622855cb280b1b19ae760a9813f424fb371a469709a90d4b239e8f1bd78dcd5467f3c","first_seen":"2023-04-06T14:32:39Z","last_seen":"2026-04-20T06:36:06.624947Z","times_seen":3006,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":35,"dns":1,"connect":8,"send":0,"wait":10,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/img/usdtqrcode.png","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /img/usdtqrcode.png HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 67278\r\nlast-modified: Thu, 22 Jan 2026 13:39:01 GMT\r\npriority: u=4,i=?0\r\netag: \"69722875-106ce\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nage: 11\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WVf3zlfmQ6ZFAnci6C05%2FIw1ctHfwMELCESMn%2FoRGYEwfMohsbIvM50G9HLbWF5bxvtRkcHhnN2Q8fhCfXqdh%2BfOZ8wZymaBhEuXHySB4Zc8RxlnL36a5Lhnszy9A28%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee59b696fa21a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67278,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2560 x 817, 8-bit/color RGBA, non-interlaced","md5":"1320a67b3392ed2bfe9e3734ddfd2d2b","sha1":"952aa8ceae4362e33e4e7de372694a37bd747eb5","sha256":"bba0f811185072747208aa5d22793e3fa0c8f4048a5496553872f452845c0376","sha512":"6ebe110d69bcaf194b60c3cedebea57be45e1c75a305bc2e265ee2cb84e38d708f991b69cf3f50f8c7ef9cbb34f61da448792fa339fc49d09a75ef41a84fe9bb","ssdeep":"1536:FnNiHdlWdnmM1m0q5p2DVDdsiPkNvlqjlLS:yHqdnZ1mlwDVW1olLS","tlshash":"cb63f2699ce74cc2f45ce0f0e79d06163e02c4dad2949b2243fd96f2b7abc36584ac19","first_seen":"2023-11-09T19:16:07Z","last_seen":"2026-04-19T23:18:13.746181Z","times_seen":1374,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/loading.css","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /loading.css HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: text/css\r\ncontent-length: 0\r\nlast-modified: Thu, 22 Jan 2026 13:37:50 GMT\r\npriority: u=2,i=?0\r\netag: \"6972282e-0\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nage: 11\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3NWBIQxAXpQKoPitPEw162NlCjgyHqvoUDCOFIjhZkvu4Mn6gpEb%2FRceNyV6IXiqzjazyT81ItYNCzAPolaGeTQ3%2FNHLJ%2FViulNPCL52gHG66wjSPQknvd%2BTD5U9%2BWU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee59b696fa31a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/css","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T09:59:59.281443Z","times_seen":13970278,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/js/1.js","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /js/1.js HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 22 Jan 2026 13:38:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69722848-240b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nage: 11\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dKmvq8OjHRosRsIcyxzPThEVaaQ7CyED6KaVIGL7rnzOZ8Qii9DG3Rg2xeFE6VF11V4t5dzGDBdBh9T7i29CgyQh3EBRnrixf5SjI55l7F8TB0m1%2FYr9hQCeFF2WKAw%3D\"}]}\r\ncf-ray: 9ee59b697fa61a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9227,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (9227), with no line terminators","md5":"74cf11fc1c9b32764d824821eb23fb2f","sha1":"3554c22f150dff6fb2ddc169d86c920a12e226fa","sha256":"8616a85c0806ef5e61aa88f539ae464f95a01ae488bf62f68e10a56924193823","sha512":"4fac8719864de02937f158778175b0345a6913d4a90054a41baa9eb32845864c6b467f8a5d4ac8c5199d96abc6d0f219de1dca80d3ad8eedb3f60fa776740c69","ssdeep":"192:jBNCS5JkwjO/QWN8Z9vw1kWGHkxR9+fpfn4q8b/UBf2msGRmcvUyFtjtE:9NCSXkqaQac9vw1kWGHkxX+fpfnZ8b/X","tlshash":"b112ecc62fc466851b67a3fb253b20c0f126088d6d814c36d192ebf4f5a391ade995f0","first_seen":"2025-08-09T17:43:34.112039Z","last_seen":"2026-04-18T18:07:27.762537Z","times_seen":4,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/img/download.svg","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /img/download.svg HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S%2Bk%2FzzFfbPlhhucv8uf1ZF75mTE3OO6IbkqU9NfgldcoHUotrp6zuOBG6PBAb%2FPalpqfQy%2FwxHHYnyx92ZMuYnNv2jOk5PLWUG8AHMaxun63TYaJekmvL0xwFKNpXtw%3D\"}]}\r\nlast-modified: Thu, 22 Jan 2026 13:38:42 GMT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: br\r\nage: 11\r\ncf-cache-status: HIT\r\netag: W/\"69722862-1c4\"\r\ncf-ray: 9ee59b697fa81a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":452,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b131a294a8b74f2ccce37f314edfdbcb","sha1":"37514ca4b070a41d8f878f4ef61ace8d1bb022ab","sha256":"42a1a6399c09f7277a1e2cdd121bf1a0fa45af5d945c032d241f1eb7a5e4d50e","sha512":"cf86b13e76e5c96bd9f270e5292461c2ad598f2dfabfee7e136adf439ddc2239909b057648620d4bbe35deb409ee73559e33fd6fcd8e673f3c35e8c5447cf247","ssdeep":"","tlshash":"41f05ca5e70cb40828c58db18f2ce5a4651f20b81ed986d2c6853b1407879c9d43d5a4","first_seen":"2024-12-20T10:58:56.885688Z","last_seen":"2026-04-18T19:17:44.513024Z","times_seen":33,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/js/main.js","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /js/main.js HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 22 Jan 2026 13:38:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6972284a-593b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nage: 11\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HUHjs0ljXM%2FEadgoVr3Daqp6lCWUtUPq3PIB5jf12vzcWMdljvEo%2FOvJCTG7p8dMTs8K4%2BbWfIIYPqmqeX8hFg2qqb6A%2FRPEKYKtxC7U2mXXZzj9fu7U7eYNnhOB80c%3D\"}]}\r\ncf-ray: 9ee59b694f981a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22843,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (22843), with no line terminators","md5":"37e389e67fed235bc1b909e12da21594","sha1":"9773cb54535c3e819f27a16ba0198137851a83ed","sha256":"6ef13e7def4e72eaa323bfc3e231521ec93cda6abaaf4f4ba5d74965b77ab161","sha512":"2f21d91cba9bbf104a8ecf63d21909f12e988d2bdd423b2e7e0d0e59d0e56358c8e1ab38d31e812daf85715d004a6301ce782d408126f98f6eda724bf4e1f683","ssdeep":"384:HeNSaNiN79U0BmzpWwY6zAAdTR0PeU6EPb1R/7pyHHqsgl41YucMRlyyT71O3yZj:H86QfY6e6ET1R/7kWqcMdToyZiK","tlshash":"89a2c895b28062e553926ce2082f504bf175d8267c0e8554eb36d4e2acf8fda4877fbc","first_seen":"2024-12-10T02:49:22.609835Z","last_seen":"2026-04-18T19:17:44.498392Z","times_seen":34,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 27433\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03ec4-1538f\"\r\nlast-modified: Mon, 04 May 2020 16:11:48 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 812960\r\nexpires: Thu, 08 Apr 2027 18:07:05 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bYsgc9ce5ABCLtHd8Qe%2F4DHhmN%2FBBBgpeGMIZSQRNjNpvVkpzKYAuprZvJEMy7Yteu6oSgvOhicNRXCgUuozOhPSb8TOUz77dJSjxdmkFivj8PE8hu8B4sXf78HEAq97v7yEytf%2F\"}]}\r\ncf-ray: 9ee59b699f1eb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":86927,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-20T09:42:43.794084Z","times_seen":122215,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":32,"dns":1,"connect":1,"send":0,"wait":8,"receive":1,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdt-qrs.com/loading.js","fqdn":"usdt-qrs.com","domain":"usdt-qrs.com","tld":"com"},"ip":{"addr":"172.67.171.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdt-qrs.com/","date":"2026-04-18T18:07:05.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-qrs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Mar 2026 14:03:34 GMT","end":"Sat, 20 Jun 2026 15:00:57 GMT"},"fingerprint":{"sha1":"BC:C8:C9:6F:0F:47:BA:8F:B5:2F:E4:BD:4E:00:01:4A:0D:AE:F0:8D","sha256":"6E:43:7C:B1:4F:17:44:A4:3B:FD:E6:20:F6:1C:71:9A:32:56:79:E5:FA:77:A2:DD:9A:20:94:BA:65:FD:B8:8E"}}},"request":{"raw":"GET /loading.js HTTP/1.1\r\nHost: usdt-qrs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdt-qrs.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 18:07:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 22 Jan 2026 13:37:53 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69722831-1874\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nage: 11\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JAJlY4kfnap1iCoFVw2mqX1G4azm1YRhX1bOcQSh7uzv%2F2OiLpUP6iQCKzIG0mnjdqeQhqy4y0C88cTx8Le87mRwIxb1PR6bXZtyqqm6%2B1g0pem66EYrwIrCoKFGzlo%3D\"}]}\r\ncf-ray: 9ee59b696fa41a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6260,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"67a2297fbdd096ee15364977e3669755","sha1":"178ca8b2d0eb84a7fe8f9367d8ec8973be37116d","sha256":"6cba712d5f0901a3cadac13b480e6f22c6b403ec97d98bfa58899845c74afda4","sha512":"ea69fce890e3d66b8c63438a993f38033e24d09b54727a3c3c1b10367a1b0b43bee37a7285c5a251795a353a16b817fd516c6d1239634494f7f9e91f7a9c665b","ssdeep":"96:lemy14fPrWg1twEX43S5cixEn7kt5TNwn:llFfPqgnwEX4C5cixEn7kt+","tlshash":"c4d145b4abf7aa4c9027a0671e3f3204156509130905ed9d7fcca7cc9fc922d56b77a1","first_seen":"2025-04-07T03:14:35.168992Z","last_seen":"2026-04-18T19:17:44.523139Z","times_seen":32,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"usdt-qrs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}