{"report_id":"3b61ac9a-452e-4d10-bd91-a23d4020accd","version":6,"status":"done","tags":[],"date":"2026-02-14T11:04:11Z","url":{"schema":"https","addr":"rainbow-token.com/","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"172.67.145.180","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"rainbow-token.com/","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"title":"Rainbow | Fun, powerful, and secure crypto wallets","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"rainbow-token.com/","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"172.67.145.180","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-21T11:04:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"rainbow-token.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-05","domain_rank":0,"first_seen":"2026-02-12T21:33:54.958918Z","last_seen":"2026-02-12T21:33:54.958918Z","alert_count":29,"request_count":29,"received_data":5096167,"sent_data":13768,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"Framer Sites","description":"Framer is a no-code web design platform for designing and publishing responsive websites.","website":"https://www.framer.com","common_platform_enumeration":"","icon":"Framer Sites.svg","categories":["CMS","Page builders"]},{"name":"React:18.2.0","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"rainbow-token.com/react-18.2.0.min.js","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c7c5ba3de86a6831736cc197459a0c1","sha1":"3b64303b775e6c863e284ebfee396423fed00138","sha256":"f9b9aeb6a1b4445ae9d5f7290a6e85cd1af902575d64d175ade10719d824b6d1","sha512":"1fd89ea9f80f247efc1399b409cc13501bfc0538bc678cefc46a2e3ae4c70f06736407b3e8a3d4b62747135c55b4f9a4d5daabaf6b413d56e368966bf602e8ad","ssdeep":"768:VIsWEcotW5/tGRaZupln5uZh8EeHaqkv7p23Ek4IVUdOnDrx0urucNwDcPc11cTc:c51oNl5uxGY92ifWDreurukkrUNJg","tlshash":"8f7382d6990bd0e88e5124dde437ed15e4280a63cdadf1a3ba2cdec1b41df62c48753a","size":77572,"data":"","first_seen":"2025-12-31T12:29:56.281995Z","last_seen":"2026-02-14T11:04:14.437682Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d4cf6eccc041230c9dd271dfb4d73585","sha1":"f564e0194163d76df7125da4a53a1330d6c2200d","sha256":"f8511cc31f48adbe17932bc493dfccff59eecb9664209f785844d448e0537364","sha512":"f08ee807d4f2048b071d969021b201c2d30dc101f3ae4aa0ac8fac72c4ca68e5bafaf5bf55c0dfda8ee6b4e3bf52c0005b886690a9d363745daf9e461d3f1bd9","ssdeep":"","tlshash":"a6c012297070666a00cd7c7d4dcf149dba368412620849ca99dcd854bfb1eb842b584c","size":186,"data":"","first_seen":"2023-11-11T00:19:34Z","last_seen":"2026-05-20T15:06:03.827405Z","times_seen":84,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"297a907d4e5b4c2198915e66274d9c9a","sha1":"e0f98af49ab0f7a270e2d739436181f924449098","sha256":"0fdbc26d9d5bd7f6a4bc38acfb91fc663c57463d43a08447f1386b3354cd84de","sha512":"48487cbd59e60a259a5836fc0315243da500d617e94e06b3073f79bb834bd141c9e5cfb59c42a3c2086c920c21be5996e589d4658513cf31d95bfc5757a4a44e","ssdeep":"","tlshash":"1371bc3beb00173bdc8fb9fdced5b4c02e62497262496560691ce102b16cd7087bed88","size":3741,"data":"","first_seen":"2025-08-14T22:39:51.132287Z","last_seen":"2026-06-03T14:16:15.147553Z","times_seen":3139,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"rainbow-token.com/aa44b083-675a-43d2-bb2e-b5d149cc7658.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /aa44b083-675a-43d2-bb2e-b5d149cc7658.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-397\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fB9LHYG%2Bl87DbR17d7YpzBcx0CE%2FZZxro8Exr7mWu7rKPCFDZLAJvjjd6lrmQG3TcaMozey2vJb55ZKL7ZNTgrebf6NIUi3owMtrgeIBGCYE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd0f3011c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":919,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (537)","md5":"e7258d18d4811225fcf0e509cde29655","sha1":"4b0d7c683a906395f4b9b9a3287d8a9752dde853","sha256":"da13d859f0f60d714d99cd37dbc5c8535f6943c4a722d8bd6948f709c4cb9dba","sha512":"7bde399a9fde83e9ab670efe3d633ee0978e6c636289983686631ac336031559346ed0b8fabd90593e1523e0514c747ab7d44c019f4922520dbc002faa096992","ssdeep":"","tlshash":"3511d0bf1cd65592fa278f1713cec06a10883593c26506c670ce19a8d756eac7664a1b","first_seen":"2026-01-24T00:02:45.167248Z","last_seen":"2026-02-14T11:04:14.412228Z","times_seen":3,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/4f6f2734-30bc-40a0-b330-8b887effaccd.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /4f6f2734-30bc-40a0-b330-8b887effaccd.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-73c\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8B6IyU4E0mPyH8TcXbcrhAud9VLArskAu7io8mY3g00Uj4f2B9UoeTzMV5irH0HegtbabGGz8kZOMAQXRL37DZSNkWiszOWHXM0CWDU7Qbk5\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd1f3e11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1852,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1233)","md5":"aa1a6be8d18564fcd27c42306fa79b5d","sha1":"aee99e9f5edccbabd2777028b7c16e9f6d822314","sha256":"36b74eb4e3bb9ecafb9234796670b6f9f26eebb430e2178f0715cc437e99f8d0","sha512":"af8a7decc838b418a0deb101f68acc51fb3b1234fea0aad91ba51cd71c0ebfc1d75daa4b3c4f2ec7d38618a65efa6d1bccc5b09d11e4d698805d12566b39bca1","ssdeep":"","tlshash":"333199fb8ed95811f4270c26750ade3b311d95965c0fd2ecc395b9048d625ce723071d","first_seen":"2026-01-24T00:02:45.153504Z","last_seen":"2026-04-07T02:50:41.089132Z","times_seen":4,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/WdqwfLzM7511b0vTKJhyOovVw8-1.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /WdqwfLzM7511b0vTKJhyOovVw8-1.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 34409\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:52 GMT\r\netag: \"69851ff8-8669\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BD2elYB6LmmeUYlXn173T7WbP8di%2F%2Fw20wuH55hCpLuzxjiAx8JqFe8qnyuw%2FPv8nkVO2lupxFSj7Q%2F0UbNAuDdCYMXkVoxne0%2FpQiAyHYi3\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8ee8d11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34409,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 379, 8-bit colormap, non-interlaced","md5":"819b4bbe447fd62fad4ae8f7614eb182","sha1":"0b4c837edcb4d09974af69ca434155477ce8fe50","sha256":"5ed462fad7c559b6b5fc7ebadb4f9b44acc50170ce9ef6da91b2bf33a6e848e0","sha512":"2030c41fd2d91154dc2fad1d3e610e8042f38533635a8789e815d33bf1b012de374947835dddcf73a646265146182c1e9ab80eded89a23274e11ee5aaef5d987","ssdeep":"768:HHOeXLRemhWOQzLEahxJFDvFA/QWAgK5gT2LyPa4cLedjJyI:nlNM5hDJ1K4W5K4myPa41x","tlshash":"d5f2028949717189e0355d81dcbcfe73a6842cf911b4f8b52e7cfd4845b0473aaee262","first_seen":"2026-01-24T00:02:45.157416Z","last_seen":"2026-02-14T11:04:14.41786Z","times_seen":3,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/hU2QG6d9scwuab7no8Kzy4G4-3.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /hU2QG6d9scwuab7no8Kzy4G4-3.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 48693\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: \"69851ff7-be35\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j8ombgEVisu8nqJ7oZhnWdAhUgIP9ToaD5bn8EF14iT1HvfjW6e%2F3LiWaKzgAV3%2Bb4mvf%2Fp8fb6l6q5ca4Ml6%2FOOUjShmKkDN3SpFcHGmQj9\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8feae11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":48693,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 506, 8-bit colormap, non-interlaced","md5":"2e4b011d7067532aa2daa52d0d76be08","sha1":"a28277a1bc0a253e3b192e7f1cdcd116ac9a8594","sha256":"9e6eedda4eb12be17d87864d609d0ddab9b2bc7164aabc72e3453818838e2561","sha512":"8d659bdc3a6c2844b1cb0d5796edb4047a3ad749ff25927b31d1bd20316ae4b92e8e29e704868b06ab929e1f24ed3dc1386a1318c2e4a4c12e42c1c53bc86a0a","ssdeep":"768:S9TZ+lGrAStdMH4Dd1l1s7oS3KTUThRyyjqJblLe7hCD0Y4LxkbPstyDIdKLZ3:SRMlGVtdMH4Dd1l1s753WYhcIMlVh4L4","tlshash":"f3230197337e785092dae02413564ba63ce7fdad2b4548f529fc7bb1c2323b9c224589","first_seen":"2026-01-24T00:02:45.171261Z","last_seen":"2026-04-07T02:50:41.086307Z","times_seen":4,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/bgm16Z9pe9YGDU72vUuHTzyYYk.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /bgm16Z9pe9YGDU72vUuHTzyYYk.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 1979\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: \"69851ff7-7bb\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=07ucyDSA73j6Rolg%2B166daNUZsR464jvzY%2FZL8EN%2F4kKdBoEwpNDnuaQdas0esHTOGObGUXG9rD%2BH7%2FbvIuEIEx8RQXCpu7FZUTvizbuR2XF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bc2d6611c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1979,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit colormap, non-interlaced","md5":"252358188e125eccd4ac586c69d55d9f","sha1":"6c1240a418c33f18fc0f4d888ff6a67ad7eb20dd","sha256":"15c260a67a7b2923652ec01996e06f14aeaac341c84ea9391dcb9bb7e792c052","sha512":"e6eef3d8857162a954c68af7f4298103368aae69a0d3f8efce2b0d650d972967235771b49244f71c83a1173bd2139f7f6f4f602c9158f19d0f059ac230ab90d6","ssdeep":"","tlshash":"5b41e8971be13661ca89b3f08ad91f92a4b2c6001988f787b80d8c7f1f452d25ea719c","first_seen":"2026-01-24T00:02:45.172811Z","last_seen":"2026-04-07T02:50:41.085266Z","times_seen":6,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/cb2f446d-8b83-400c-aebe-bfb95904818f.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /cb2f446d-8b83-400c-aebe-bfb95904818f.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-21c5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KZxPcXdusEyx6X7veL7ybgz5GP3cPo4I9GLfNqEHNSe0lLc3%2B04JGxLC%2Fu3%2FhTrZY3ZEjZAJMKnRRcoyNdm1w0f4rNmMPuhGPIxBrcLTjZFy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd1f4011c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8645,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5269)","md5":"766f15021234994968ffc10e7d0c6dd5","sha1":"af6336d00be8459b0c3c24a4f66854d81c3ef652","sha256":"3e4dd2173dda27f15d0aea15e3a8cd43cd31d405f456f22d3eebdbf7553a266f","sha512":"d4dafdfc1e88a27203840e434933a12536af39246bb7a0aad9071463e909c062ab3bc6f169bcf1fbffbc6447bacbbfa99154a6c34ce21a17c121d4c41e5af3c8","ssdeep":"192:fFW46BKoFvEvzP7oayQb8LCdXqS+QwpurIjcKv1oChVA+tQ98Hmu:fFWPBKoF87PIQb8LCdaSepurO1vyChVb","tlshash":"4b02d7ba8b841121e5434f183646daab23f1e1534846e2ec7ddfa6454ff3fce61305aa","first_seen":"2026-01-24T00:02:45.168078Z","last_seen":"2026-02-14T11:04:14.423961Z","times_seen":3,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/Inter-VariableFont_opsz,wght.ttf","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /Inter-VariableFont_opsz,wght.ttf HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/0e6ebd3e-c77a-40ae-a323-44f50ece8a30.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 874708\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: \"69851ff7-d58d4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=23fPlbSVWwgYt34OuMnFeUFR76DcwDYi%2FG1FqhL%2FpX4%2B8bMyCP3vcKFMNfTHccVTiFGEYYeomzVl9rrBFa6vDl2qEI7XQWJKGTMPkSbxd8G6\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14becaeb11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":874708,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 21 tables, 1st \"GDEF\", 58 names, Microsoft, language 0x409","md5":"0a77e23a8fdbe6caefd53cb04c26fabc","sha1":"ee5c2e22ffeddefc433c9aa4c76779bb73a5c682","sha256":"0be2399ea925f1f83ff974764761da9860ec50742ed29a5d4c1ffd0c5c7ac3a8","sha512":"6012de93c8523799869b8976f620936651efc0395c66f1a6a56d417288c1b05675662c5c740800ea935eaae1968f2befe279d0264eb0805f6b98e5ab042a9316","ssdeep":"24576:Wap5PFuuuuPz2iKeRpJ6iruEOwRy+4FFNea:WapTL2iKeRpJ6iar9F7","tlshash":"f7158e53f282cf5ec2592b358a734b9462396870ff17130f696573b4aea33e0694d6e0","first_seen":"2024-12-10T16:54:08.570183Z","last_seen":"2026-06-08T20:46:15.533761Z","times_seen":2719,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/3a6c71e1-f966-48b0-8c12-e6713d7fa778.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /3a6c71e1-f966-48b0-8c12-e6713d7fa778.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-1d6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u%2BSdKMXFAeTho3IWm6ap%2BqJKwbfCyqMKnhGI1FXGGoZNQLTxu1n%2F1v7cb7hzUfbGSYq2%2FpoTnRMsPlFZR5pqYFYCwBtF9UyvyRqR8k6bz6Pg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd0f2111c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":470,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (385)","md5":"a3be693970a859a5ea58e5327c707b4e","sha1":"9952019255aae5627b2f2a893974f745867ea696","sha256":"f384d2580eeb0a327291f41a8aacdb0db11fe7efbf1b8a7821aa65683f649856","sha512":"5bd6f04841359f39dad8c76ddea9840dc972fe2bb30d34989db3448e60a42dcaee7030f147e30a905828401bf4458aaa78f8e3488ffcf8c8d132a8c25631bbcd","ssdeep":"","tlshash":"bff00eeecc226cd64c42cd97299dc02d9111f58944a6838cd05334450c44d156173530","first_seen":"2026-01-24T00:02:45.194227Z","last_seen":"2026-04-07T02:50:41.084011Z","times_seen":4,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/c45c4fc8-c6f7-4f5d-b68f-c5438eeb524c.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.023Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /c45c4fc8-c6f7-4f5d-b68f-c5438eeb524c.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-1189\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tm4iYo8vCxrg9AYjmAi3SlFSDDM4Ecj1CZyqyo4SFzyLrvgF31b32%2FDGaRHH9e5Y%2FlCXAyJ0UA8eqaWV9%2BQD1RPu%2FSUR6Fj3j9mXgI9XVrP6\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd1f4e11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4489,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2885)","md5":"a82be1eb003a7844f876eda1e0bf9847","sha1":"ceb607ef9e1b7cadfbb0d0adb6bea39c8d9e26e0","sha256":"1c9c21fffac50f105e8fc2654e4b80120776b13a5afb4db8bdeb16d10dc2f87a","sha512":"b03ecee89ec04027873754422963e5bf2789f8e83d814864a3b41f2d9fa3b2b98a15024fbb10584ab000aa8beb4b3fda3be43c44f865bb4049518145eb722cee","ssdeep":"96:StItX/PxwecNMf+dH3JiwCDFnLG7pgMaAKTtzfo2iU7fP9o:StItX3Gec+J0gMZKTtzg2fflo","tlshash":"c491f9bb86950416f0634d29350bda6f77927593982f80f86e9ad11c0ebbcee3630919","first_seen":"2026-01-24T00:02:45.179822Z","last_seen":"2026-02-14T11:04:14.427039Z","times_seen":3,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-14T11:03:47.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B%2FnPiigsXpMtCSUCB44ETbhJa93IRvex%2BuBsGB11WUH6ZJ6axm1JRFa2X2O6NqNGG3qNID80%2FLAPeVfMIG0oucQfNkvn4OFuNs60a%2BKOtIp8\"}]}\r\nage: 138928\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9cdc14b78d4dd42a-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"Framer Sites","description":"Framer is a no-code web design platform for designing and publishing responsive websites.","website":"https://www.framer.com","common_platform_enumeration":"","icon":"Framer Sites.svg","categories":["CMS","Page builders"]},{"name":"React:18.2.0","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":362035,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3725)","md5":"9cdef82faa17a857a02e103ed8e986a9","sha1":"ac82283d47d1182bdceda9f9230c1dfa5946f6b2","sha256":"b83c95f3085920f5c9078e4e21fa06f346127382868f950631d756289c7cde52","sha512":"88b9ac425c939a0096e82a43ec723a0cc4b737771408e55d31008c52c168763745cf4e338d9596c524e8716ad90cb36bb0a23a633e590426b468db54b6e21cc9","ssdeep":"1536:ekFzVJVMaj5eHCe+FVieckV4VMaL9VsaTVhVk9VCw1p++oILIf2Jw+XYCoabpZ/t:ekCGXoILIf2J/nr81RYofAzd","tlshash":"847494531119f264acd76d7efb5ea5283d281001fe33c3aa62fd1a1f84cade8169176c","first_seen":"2026-02-12T21:34:00.232381Z","last_seen":"2026-04-07T02:50:41.088171Z","times_seen":3,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":75,"dns":42,"connect":12,"send":0,"wait":24,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/vK8ECGL27BFN7tScchchrKWCgPA-1.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /vK8ECGL27BFN7tScchchrKWCgPA-1.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 26897\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:52 GMT\r\netag: \"69851ff8-6911\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zKww3vh%2BMjLC9q6DBzfanao9BvjB%2BjvtCpkzpxwbseiSWzBCkg8URTM29J%2F7cn0JUjDGhFkGmU%2BHh4Up5y5HFhG6nNe%2BwWUf0Tr9Wwf3gdyc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8de7011c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26897,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 379, 8-bit colormap, non-interlaced","md5":"66577ee9256357a93dde14258dc2f3cd","sha1":"7db3437425eb70297e9a48167b57d6fa08591d98","sha256":"21358c9ddc53d0b13aa3ddfa78ad233802130c186db3ff9123b72d14385ae4d5","sha512":"8291ea12d8a51e5fd661806e196a94440940555330ebc89e41186d178a7f6b8438f8e095891dc6f04a2a5785a37a40e2de40259eb4d2a76ed7e47e699258a220","ssdeep":"384:yKxi/Te70P+Qd8e6A5zlOz1FwYZVS1/E27bLpuymzKvx4w5J1g5eqD:FiTe70P+QoAEr1m/Ei5mzKvxj5Dg9D","tlshash":"6ac2e007179c06b32f99f793b12d5d284ccebd342d9a012d746883f9258417b6f32a1d","first_seen":"2026-01-24T00:02:45.180729Z","last_seen":"2026-02-14T11:04:14.430452Z","times_seen":3,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/Pn7vfzLLQ2Ylyc0MS2jmR64xKlc-1.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /Pn7vfzLLQ2Ylyc0MS2jmR64xKlc-1.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 8487\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:52 GMT\r\netag: \"69851ff8-2127\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TXazkQUQcnmxzQI3RMIf0xIx4Uswn0D%2BQKNXHpl3HF9oRNhHDZTBtFtz4QejqGRzHZXb3K57B5IHx7BbAvdzsk8ELPZ%2BfW3khpXjS5R1iyNI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8feb111c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8487,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 380, 8-bit colormap, non-interlaced","md5":"6c0d7b9655ca76b10c80d546b75d0d5f","sha1":"9e4efa9e0919bae4c263ae905a2a0b7c59ae3838","sha256":"6421cb24f71b742c30f1fd27e85151b6c5fddd6967d533810593f6bea54f792a","sha512":"0e4960e7f571a7161378ef6cd26c84c60f8dcebe69fbc49ee2d412a68b3f5c6e7c83629af93de90de9f17847377a07fc410084ef18d5651e7e16ae8902980a47","ssdeep":"192:+XVu/4/KSX6SYTDwea7DXoDMViZE/X911IIYZcb:eUGKSXbYTyvXoIViZE/Xn29Kb","tlshash":"e702b08fa7c9e3815036b5f3a9c721573b1b80a822b75dcf797a9038b1e6055cc8d359","first_seen":"2026-01-24T00:02:45.181571Z","last_seen":"2026-02-14T11:04:14.431453Z","times_seen":3,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/index_1.html","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /index_1.html HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ro5ttvj0lyEcuAsjRgV9G%2BvUMABuhnhtTdmFvS%2FRYx4o5mjOKvMNe1Jp76i2kerMmVOKX44A5I4TqgS0kjZxkHPwI5NB3ZrDBcHd9s02MHX%2F\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9cdc14bbbcb311c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1950,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1325)","md5":"b447526ceb7c948a91f0fbefb9f3dc4c","sha1":"d66ad8d3e0f29d5311dc16bbfeb355b0e5d05b95","sha256":"16ef2fb85ce3458781875712f3d97a8b8859434878bd81676d9ad7e822ed7a67","sha512":"c2fcd755a99338135b28c5bedf984b863b42eac0a862b3be38a1d85227f82150f424c1e020dbb50860c93e79d7b0be9776846b5500311ded58f0d1eb95fb1cbb","ssdeep":"","tlshash":"6041e34505094e1c72451ac3fa147119c0e6921d8f39ace875970f3b97fda9c82bea8d","first_seen":"2026-02-12T21:34:00.217226Z","last_seen":"2026-04-07T02:50:41.087319Z","times_seen":3,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/jiid6nfu78vtDFgJz0L0Ga87uFg.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /jiid6nfu78vtDFgJz0L0Ga87uFg.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 160745\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: \"69851ff7-273e9\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wpMRp7HpX0eKQsovDGl0l6eLhNQ1CyKSrGa6KQlGaFzwJvykLiWbukAIuxowESYTQoB5cmNWFVRFBHQZwSLFvxfl4n5qdgdyq6e16nSKubAZ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8ee8f11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":160745,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 766 x 1024, 8-bit colormap, non-interlaced","md5":"c0871474f54b4a06c8cd17f7b449be6d","sha1":"cf4b733e02980f91270d199d8d768c093e43725b","sha256":"fbfb25487c7ac5c36420e26838d43606ec58b1f7e5a41da85a27496eadf2f029","sha512":"e3435efc2029cfe41f93cb38417ff70994c8959a72964596d571eddcac1d83855b31fd6edf1eb2a537ac56973b4bed1cb4fcb80533c5497acb29caee02a1fa27","ssdeep":"3072:ZHrgCHFS961/2C3uEyhl0H8APxmWlJpAr6hW7jzNbvM8YUXdGBt2:ZhHFV/28yfAxmEJYUW7j5bk8YU62","tlshash":"f6f312226bbab512e4d431943f8aa17e54476c7ed7ee610489423081417dbccbbf8bdd","first_seen":"2026-01-24T00:02:45.162137Z","last_seen":"2026-02-14T11:04:14.434571Z","times_seen":3,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/oFjLtCxBt9OTckVaAY2EMUHYw.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /oFjLtCxBt9OTckVaAY2EMUHYw.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 10984\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: \"69851ff7-2ae8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=skTOj%2FL52PfvvEbdwii3sFRs8%2FOca4rtax6QXUZlRSD4gG8BotyZ3gxWZm1TSEcI6AWM7FJr%2FYS3PMNX83qkGTrlXbw7zC1C3Nr3FAh9I5ZN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8febe11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10984,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 236, 8-bit colormap, non-interlaced","md5":"61c0a607c9ff179025b18d0774e86d00","sha1":"a16213194fa0c88eb190f7bb2b9793e1d2fc4dfa","sha256":"b0a8ee73cfa0daabd4cf4406d953810d44654f22e5d763df84faeeeb6d047374","sha512":"08f493402cd31cc1d6e42a30a3d52d9c02dbf586452577c3608578565523e57c12a3c92b054a1e701d7cd0108dab7e4398e27b7da455794ccd7043748d56d3c1","ssdeep":"192:7Kcc42vey3pggvPkq+S/sb4q80+Ld1lSQ3KIhkEO8829g6swDZK0fipiUPM:WxvJpgokABB0+Ld1l+IhkEwR6nZliiZ","tlshash":"b532b0b9031f5c3cd783b57d9a7e8342a1315aea99306fe50c1c11361a9b6d58563f23","first_seen":"2026-01-24T00:02:45.18331Z","last_seen":"2026-02-14T11:04:14.435547Z","times_seen":3,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/75773d7f-c65b-444c-a3cb-1dc713ecd300.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /75773d7f-c65b-444c-a3cb-1dc713ecd300.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-60a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ak%2FE4xv7VHUcwCVT%2FWbGLoD8TamxoHCZ6ICeUjm%2FzH3j4V%2FLfHs6xdHOUeSu6%2FDtKBqPtYBv18OqOB08XYaL3iMes4MGIS2VrB9f8Pm3OFHQ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd0f2b11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1546,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1073)","md5":"5e49622afe74e0887303aaa3479a7f0e","sha1":"79986b7784889af6536330ef2bcc5d65cfc1b7d7","sha256":"7eb1d5f2a8143e02403284ca4748a1956bcade11d013d62c4dc39f3789287f73","sha512":"67c88eba31a4398f62ef8c4749fd05a1595193ec0d189ff38ea0cbdcb49286688ad029ccecc8d7032007d6b9c969220612d054ae061ac28ca9d60c1c397e1e34","ssdeep":"","tlshash":"393198efc692902fb487fe257942e3061e6390436a1909f8deea72641cb79cf3462305","first_seen":"2026-01-24T00:02:45.192814Z","last_seen":"2026-02-14T11:04:14.43679Z","times_seen":3,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/react-18.2.0.min.js","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /react-18.2.0.min.js HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:52 GMT\r\netag: W/\"69851ff8-12f04\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UTfnasjy9P41Zzhcz5sjnDe6agu7tXuZjrN3wNSfwYMjQCRx%2Bee6JSExExv%2BkII4aalVG61PklWDf3JHpd8j7iET5H1kjd8B4pUofpBu4jFZ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8de6511c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77572,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4c7c5ba3de86a6831736cc197459a0c1","sha1":"3b64303b775e6c863e284ebfee396423fed00138","sha256":"f9b9aeb6a1b4445ae9d5f7290a6e85cd1af902575d64d175ade10719d824b6d1","sha512":"1fd89ea9f80f247efc1399b409cc13501bfc0538bc678cefc46a2e3ae4c70f06736407b3e8a3d4b62747135c55b4f9a4d5daabaf6b413d56e368966bf602e8ad","ssdeep":"768:VIsWEcotW5/tGRaZupln5uZh8EeHaqkv7p23Ek4IVUdOnDrx0urucNwDcPc11cTc:c51oNl5uxGY92ifWDreurukkrUNJg","tlshash":"8f7382d6990bd0e88e5124dde437ed15e4280a63cdadf1a3ba2cdec1b41df62c48753a","first_seen":"2025-12-31T12:29:56.281995Z","last_seen":"2026-02-14T11:04:14.437682Z","times_seen":37,"resource_available":true,"data":null}},"time_used":317,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/pDjFf9GLicAOWUbXOXHD8MaxUw-1.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /pDjFf9GLicAOWUbXOXHD8MaxUw-1.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 14252\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:52 GMT\r\netag: \"69851ff8-37ac\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DPoybKmoXd1yNmLx%2F6QbynpNQUZBkxEwq%2BvaEFoMyAP6UToLQ3oTMnMYgDCu%2BwDpYbfSyU2GENMJHWUmMBcbZF2W79BwjylTFo6Nsce2EUNU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8ee8e11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14252,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 310, 8-bit colormap, non-interlaced","md5":"0770f7465728bc7769a55011ec49ff27","sha1":"08d7a0c5adcdf6b104da25b0e37039a658f5e12a","sha256":"2b1d56638a3dd7663aa0398599d0b34977fcef4cd03a4d5084773a6e7ad9d1d5","sha512":"98aa53c832d05509fd7233637884659d90f929aa1aa251b12e2fb49103719e49f71bfbaa9632780e6bc3132cb3f1973c7482bc68055536a2c178c0b9551d24e3","ssdeep":"384:nl+7luTxDKEfGwpgVHbAQJBxqZVRAMHOG6WU7Tm:s7luTxDKEfGwpg9bb8eGdU7C","tlshash":"e452d0d8e5734e88d2a57b866865ce988a629f3030f2ef8e0edd107d08f355d410bb35","first_seen":"2026-01-24T00:02:45.195031Z","last_seen":"2026-02-14T11:04:14.438722Z","times_seen":3,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":172,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/secureproxy?e=jscdn/getFile","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rainbow-token.com/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://rainbow-token.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"llv87110erlt8oxbggd7\"}"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6zVE8Ryd1VBJAiBB4fobjgMaMwyBFYcQJJYD99tDVNqrobEeQw9eFWUfshJEjcTacwYIiVMFTdGQrdgIS%2BFsnQaj4TtO7AH8WQObYeSJn6GifQ%3D%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\npriority: u=4,i=?0\r\ncf-ray: 9cdc14bc6ddb11c5-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3310952,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"bb3646acc4092882fc8b2ef21f686154","sha1":"66607ae61f25989b1cd0f74b9f45c6f202390eab","sha256":"c83b5231d8bf60d00604c8d5081a0b33c0519dce633a75626af3bedcda9dadfa","sha512":"d358e863e4eb0c442fc854ac01bb925783586d3acd47a1e81e50845940541793176c1ba3ac9b9c992d9f3d6ac3a6a2270c9ee45612468bae71526108c501883f","ssdeep":"24576:nb/YWmLkwsOukzMSPbg+lsVo5/Cr0OSzcfUjew4lm995FMjA:bGkwdNZngkL4hA","tlshash":"782523a36fdbd8388f6c099971af5d0f7c850c03449da9b6d696e8c23198fb051e7938","first_seen":"2026-02-14T11:04:14.439682Z","last_seen":"2026-02-14T11:04:14.439682Z","times_seen":1,"resource_available":false,"data":null}},"time_used":967,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":501,"receive":466,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/0e6ebd3e-c77a-40ae-a323-44f50ece8a30.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /0e6ebd3e-c77a-40ae-a323-44f50ece8a30.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-10ae\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4NUpz1eE9QY4pguY0CgqNI5O%2FmcNCVp4oSt9cnAtw%2F4C%2FGq5b9gYpMOunNOahMWTcgVc96X7GAJ%2BTzPvC6lINkxTHorsYEnZh5g3NIDS0Rl%2F\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd0f1711c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4270,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2777)","md5":"033e553396018869299036b9d0b1e6cd","sha1":"c698a84c3339563a44eb65d2b8f54123f68b3f57","sha256":"1bf49547775f31d7602e8e841026a92a0bb1e22b1467192ad0763d82bb119538","sha512":"266c406e945e3723c99683d67678fd184c0a4373bb87904fd1671667b8e570af6088b491cd55d50425eea3d05e96dcc07e6bb8d996c0c85b0acd3c1677f8c46c","ssdeep":"96:q4fyI8E/pJE904ZdzOJUkproOTty7M3FrumbtmFHopgJP:ZhEC8dzipM/M3WFYgJP","tlshash":"7991f9d544e66002e115886572877ea37bb392922da5c0ddec41a3850ffbf8d13f4a1b","first_seen":"2026-01-24T00:02:45.166396Z","last_seen":"2026-02-14T11:04:14.443133Z","times_seen":3,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":162,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/cb783fca-d63f-4fc0-962e-d8a0e4ae8e8a.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /cb783fca-d63f-4fc0-962e-d8a0e4ae8e8a.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-1d43\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oVwpUZApUE%2BPEhobORIOZDT%2FJFOY2cFa7bVUnHyIURsWUi%2FNXIEGwva3wziUTXEZ90fwtcQeavr5R13iLBmh0Nyso8Hmiosdb0vdg7SX3lmP\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd0f2411c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7491,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4201)","md5":"daaf0f1e617a8cfbc3a464b9ba74e2de","sha1":"62ee4214ccec3dff4304d7a632cbb04c5c4f5e6a","sha256":"d49c2311f520f61781302ca44f28d708ddab67458b8bcc31cd42684e5a7d5bd8","sha512":"6df93a1f6ab1f81060088bdca8261a98e084488f4b77ef962428ac6f7781cbb34294ab8bfc2caa8e07ff7533572a5973d5ba16579de2ad57492edd6047f2fba4","ssdeep":"192:BAHs8MA/LRK+XD6sXatjzCbPj9aZDILw+dS98+as:lBIa8PRaFqw+dc8vs","tlshash":"e9f198b786c60522f4078e1d3686da7e13b4e0838516c5fc79dea6184fe3edeb27051a","first_seen":"2026-01-24T00:02:45.159884Z","last_seen":"2026-02-14T11:04:14.44474Z","times_seen":3,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/0ae6d522-39ef-420b-b343-754fbfe8e6a4.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /0ae6d522-39ef-420b-b343-754fbfe8e6a4.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-113d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1vSkJVjF6yyrZo7OZ9OmxgAuvt%2FchZOri0xPSIR7E2WbLPudrQAhfor6vHSb1KHjQw%2FY%2BTG5VDTQT5p7R%2FoaFvcdxP8sbFxlzSTmBDINek6q\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd0f1b11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4413,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2933)","md5":"42ba77ded7c724aa1c31b9c2d05d3a6e","sha1":"d80f3594bff777ec2c54a0992b9ebdcb043b82cf","sha256":"af672e3b85f0bf6090bf88d12ce589636ce283025517264d44a38b0298bd792a","sha512":"51836650230e3681378e3050f4a62f9e66fcdf5cf6c55990add19c562a5e43c3a80dd9647e6e1fe8bbedc912450a8baf449f5aa942c88b12a8b03ba0a73900a0","ssdeep":"96:xKfhUMsCFOnQNs++Pgh2IdzejX0i9SdvRAwzRgS4XopRaAKMouVB5:22usvgh/dzYksSdvX6S4XoJoyB5","tlshash":"bd91d3f984518a515722cee7bb4ed637321180033c36ac94dda9c14c0f621bf33a271e","first_seen":"2026-01-24T00:02:45.155207Z","last_seen":"2026-02-14T11:04:14.446415Z","times_seen":3,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/580673ed-79e3-4205-941d-c3b6b5f9796a.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /580673ed-79e3-4205-941d-c3b6b5f9796a.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-1318\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dFWUeJi9VZr9JPKGxxPTkbny6gdMlzO%2BrzcZI5rv9lYuLcJs2xKr3GoHU%2FC3FxXWMNflmKNt7WjDUGJxIe1WfkCJ7j2EXTxplxEcOlcg5dqg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd1f3311c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4888,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3021)","md5":"70fa911d91e8cd48cf96f8377494ce15","sha1":"7acc9811390197b10e47b984c29799a08985dbe4","sha256":"e97d6073aca0bfa7019d06bc5f6632beba13d11e9fe4813a27695a9c55ae25e0","sha512":"827aa6fac8f93032a159967228d979faaf0296ae4f543dcda4ab94c047390da4c6f7d0b1eefe2ed932304e05f5f9f3d31004080b5ee1d961f59bea0a92ea1146","ssdeep":"96:4GKYb9FZ0KXMyFmscQoCny65PdrxzmS1l8h9sZ:4GKybmKX/V7m65PddmS1l8h+","tlshash":"72a167f6e5890025f4778f2a7447998e27477297e91782f4f2b4a72c0ee6edd3130819","first_seen":"2026-01-24T00:02:45.163701Z","last_seen":"2026-02-14T11:04:14.448175Z","times_seen":3,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/9a15001c-6a8f-4f0b-8dc9-c34065bb8471.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /9a15001c-6a8f-4f0b-8dc9-c34065bb8471.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-1fb6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Uoz9Pe6gUp6K13kZeH42C%2FpvnYHz1FkOqD0KqtLmAIqy67MfHKqQxkAPoeQRe26O7xCEP4zL6VgJhfLm2jHX1x6j8C2rp7M4qlA6Cc0LoWoB\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd1f3811c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8118,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4701)","md5":"8e01cafc59e396be1222ede8bd3daa96","sha1":"692e2f8b5471f10373582015502a289634d804a7","sha256":"f0e638071de486954b14b0308c85709629cde61ebbc6bc0ede5403d7427553cd","sha512":"a0210423da7ef9f8a09e367bc66f9b63ae757bf0a03bc75f61250095bb50cba8955631783dff9b9d2bed89238145490e624b192786c33a7e05519192928314f5","ssdeep":"96:z5+feONdu3i2KnxLTAEeSSNhzzdT0hZk7mrC/1OBnA9PbVoKLGvaHnTTLGbzGzJr:z5+lRA/z5TqK7j/CuSQWazHOIJsqB8A","tlshash":"bef1d8fa8b950410f0434f2e3246fa6723a4d0534d06d5e8b9dee5148fe3eceb27065a","first_seen":"2026-01-24T00:02:45.18588Z","last_seen":"2026-02-14T11:04:14.449783Z","times_seen":3,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/aeb4ef5a-756a-4031-b479-a040d85cf6b9.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /aeb4ef5a-756a-4031-b479-a040d85cf6b9.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-37f\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j0bAgh7XmKGHJ6G%2FGrRrpEoY5B1dGSe8DvBhVUyvob%2B6JGExhMqt2nebBS83GFaZbgN341bzDx4eQ8DgfD3H2Ld6DaY%2F20ZB4xF8e4RS5OPp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd1f3b11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":895,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (625)","md5":"2d3a66d29fcc8e9fdce221674b367f57","sha1":"541ffd8decd9e6df875d63ed2064b334cf975b57","sha256":"eedf5aeacff0305676cb22bad8857f95464db84abba2305ac6038a91a9080322","sha512":"a5cb59a61602a2fee8798a952f597509bedfd467e28a7fe035d40e92a143142b0796577b31b6b96c030f5fc23e92e54fd1ffc32e12fa8c4dc80e4fe6ca0e2c75","ssdeep":"","tlshash":"cc1184de4b162209780a6b6e5d4a4a1632171043c5238286f1c9621c0fbf79933a1e2b","first_seen":"2026-01-24T00:02:45.152475Z","last_seen":"2026-02-14T11:04:14.451285Z","times_seen":3,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/2f0ff77d-ab1f-47fa-aa9a-17058046ec70.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /2f0ff77d-ab1f-47fa-aa9a-17058046ec70.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-71c\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jf8YyD6Rv5W1dyshACJSxq7zGYamycLJntoBdkuCu0PZ86RcVvzL56V9vHkVn4v2JXFDaqt8cnIJTwGz349vaqT2o%2B6%2BYhq9K3yv2RBXU%2F9T\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd1f4611c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1820,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1193)","md5":"3fca7708d763857d2dca0561dace70ea","sha1":"553e970a75478bd99773abd4b5ae52504a5fecb7","sha256":"e2427e22f61c99d566402ff37e09758186a67f14f40ee41ec344b8ebece3cc6c","sha512":"202d0eb07b0b792e138dad06ffc8bc8314b827203a1a02b43095ac97880c3a25989d890aa373b693302b86e433459532509e4e2e80e7c0bdc24c046e4a37a6d6","ssdeep":"","tlshash":"523186ffda4206116827cb1e76828f6703d2a0866511c1ddf9cab5891fb3dce719260a","first_seen":"2026-01-24T00:02:45.186597Z","last_seen":"2026-02-14T11:04:14.452581Z","times_seen":3,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/90772448-97d7-47dd-b471-e54ca6a275b1.css","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rainbow-token.com/index_1.html","date":"2026-02-14T11:03:48.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /90772448-97d7-47dd-b471-e54ca6a275b1.css HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/index_1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: W/\"69851ff7-927\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 135020\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TG8ussF%2BoiYD7Y45glE7aAm74%2BZia3b65MSUBFSfBcKYH%2BW1mG6z%2F%2BZVhlMfLYrObWxDnpeCVYEF7Rrj4PT6etd0ErvXi3ZOXlAcbrmHTaeg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14bd1f4d11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2343,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1441)","md5":"9d94204f02e912e9be275790186446fb","sha1":"f10722a39560834cad75db01b9b0fdf4669373b3","sha256":"098f6bc417a8e120f9dca873f0f3f56ccd696039d42a0d501e81deb0aa64b6a9","sha512":"25bdaf72f432e4f6c698af8f66076f5b46bebbc9e2b2cab05c254ef437c205f944eb7763b0290da917124f7b06c3153f883f93518f0bc0b45df8ec4c8b7b7b91","ssdeep":"","tlshash":"244161b7c50a0419b4638e2e3246951652a2f103150a94abf5cf66888ff7adc76f0b07","first_seen":"2026-01-24T00:02:45.198486Z","last_seen":"2026-02-14T11:04:14.454225Z","times_seen":3,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/Hml6PtJwt03gwFtTRYmbpo7EarY.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /Hml6PtJwt03gwFtTRYmbpo7EarY.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 26919\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:51 GMT\r\netag: \"69851ff7-6927\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W%2B8x4SqDpFif5s%2FSB%2Fynm%2FTn2%2FC6xEd1Fy%2BSLtLVQQA5pQfnzO%2Bfq2nyGdm8doW9Z0bU1V2I0%2BzPub6Hq2YjoAASqZBbIRs7%2FDtqW7nB2Qey\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8de6a11c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26919,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"49ccaf9316affbfd5774848d0ee49159","sha1":"72e32fb788b408f82fdc158c9ba34a44b201c32a","sha256":"a8877fc1150e1641e255c304cbccb491f622324076a51119a9ffc15f42a35e2e","sha512":"4d9b3ad6ce40d23862a9c66adfbd26509f8335e9b3d651e2c97fa7356415a9da51765d5f4c43cb59d031f366085eea7b84aa4aa93eaeebe1fe9e421ec7dd1ada","ssdeep":"384:fP5JiKbBw9CQGqtwecRYJYUGVDcGBs5RTuoe7vxXbPeKw0mxIplPXmpL9w+iiC7F:7nuZth/bcrQsXhw0mxIp4pq+lU","tlshash":"5fc2d111df23cd4ac8453766937f820b9724c500d2a2ae6e7e4eab98ac3817dd4686cd","first_seen":"2026-01-24T00:02:45.191112Z","last_seen":"2026-04-07T02:50:41.083003Z","times_seen":6,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rainbow-token.com/UFvPlymoCJQRWIcq6OuiAEro-1.png","fqdn":"rainbow-token.com","domain":"rainbow-token.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://rainbow-token.com/","date":"2026-02-14T11:03:47.360Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rainbow-token.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 21:35:15 GMT","end":"Wed, 06 May 2026 22:35:03 GMT"},"fingerprint":{"sha1":"50:8A:5F:34:06:32:43:AA:F1:74:4D:FF:30:E8:B5:27:88:C4:58:37","sha256":"58:53:86:4A:74:0A:F3:AF:C7:D3:49:8B:65:74:E3:09:2E:A6:78:13:8C:80:AA:87:25:27:59:B2:2F:5C:CF:24"}}},"request":{"raw":"GET /UFvPlymoCJQRWIcq6OuiAEro-1.png HTTP/1.1\r\nHost: rainbow-token.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rainbow-token.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 11:03:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 56759\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 05 Feb 2026 22:55:52 GMT\r\netag: \"69851ff8-ddb7\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aM5rewHhGrNQQkhm7uCUyI7ERVo8gwxoJaECIJRgABDuT2ccXQE1p0Y2kU31l3FZKn%2F%2BLGtvhM2q%2B4HAMvLVVaQJDj3xVL98LFJoCG4shXhH\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cdc14b8fea411c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":56759,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 632, 8-bit colormap, non-interlaced","md5":"5afe0d4aef945e916a45d0b3ddccd3bf","sha1":"1b9b6c917a4be0feed50e97490d208febf66f561","sha256":"3ce86109d191650b4ea7022db6ce06c2a0c30f1f99d409728414b7f4a209d808","sha512":"7cbfddc17104f234a4db7fa388dbbf8edf7402d5b84e9c774f232aba571d8a90e8015f0e3f9a218c816e82e6f3afd1e9490d47bf78ca5fa5442cd6f80231af71","ssdeep":"1536:uqf4J9m95/alfvbmql86j8vEa6eRDrSz0ZSY:uqfYoNah8lvWedzF","tlshash":"d043f1d8f9870e9de8c4493df430c6bca68e55dc2ebae1a6c42535ae11cec94d0d49e8","first_seen":"2026-01-24T00:02:45.158308Z","last_seen":"2026-02-14T11:04:14.457272Z","times_seen":3,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":192,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"rainbow-token.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}