{"report_id":"4a3676c3-cddb-4076-9a3a-daf30243a32f","version":6,"status":"done","tags":[],"date":"2026-03-13T04:13:01Z","url":{"schema":"https","addr":"wars-reward.xyz/","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"104.21.53.123","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"wars-reward.xyz/","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"title":"$WAR DISTRIBUTION","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"wars-reward.xyz/","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"104.21.53.123","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-17T04:13:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"wars-reward.xyz","ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-06","domain_rank":0,"first_seen":"2026-03-13T04:13:01.669448Z","last_seen":"2026-03-13T04:13:01.669448Z","alert_count":9,"request_count":9,"received_data":852075,"sent_data":4188,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"wars-reward.xyz/","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"78532b1c534a7f4e336074481c2ffd05","sha1":"a0fc3ac6ee1e58883121400a9e913c7198ac206b","sha256":"b04ac3f11d41293527181958275ebec38e2ca9aa8f4bf269ebd86f8dcbbcf868","sha512":"004ad8432c4c006d9f694fbc960d84a7f15f25ca50a53ed05b9f0f006ee923e559db825b67dc0709eb1ae624bde889fbcf85d0b311c4961bfd77785deaa226dc","ssdeep":"","tlshash":"68c02290c5e88920853c009a203023a870a0181d080262daf7bc484a2b8cfc04a44d22","size":194,"data":"","first_seen":"2026-03-05T19:57:45.158623Z","last_seen":"2026-03-18T15:51:32.25777Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/particles.min.js","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"00debcf6cf0789a19cee2278011afcd4","sha1":"8017f8b1869077db728573f1ca4684a00af69462","sha256":"faee7815a5fd27e938d1e01c8392b66332024908eb118048f608eee671371df6","sha512":"29e7f9b1cee07d369c47b4d929e95cad1b35e62a5fefeb7e9fb661ea628d25b996fbf4517425bd9f07cb9f8617d2cda73ba2afe58d8286a8086a4682e8f5b4f4","ssdeep":"384:NkfJtGvWjT6uYvqhCz8wSEHESxtVAFPQcYpeib+9rOEKXWd/:NC7T6uYvn8wRxwyryVOEKXW5","tlshash":"61a2934d23f73e77378ab2e09be9d122c774a4d1399b04b0f93c667da52549201ee7a0","size":23364,"data":"","first_seen":"2023-03-07T01:16:44Z","last_seen":"2026-06-13T13:13:14.246374Z","times_seen":5059,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/secureproxy?s=%2Fipfs%2FVVjQVxihpgY5q4qgzIMO-Acaeb38ecc9fd2130287300cddd2934fb%3Ft%3D1773375159986","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d1a3f5ad007b0683bd8832a982b9a7d","sha1":"4e59caa7a883fd27baa52f1a3a77d73ba02f0930","sha256":"3d0f9bc2432b277003b8fb013cd28e29609faf1435c1c8aa2ee0fec6abcc0889","sha512":"da13f0eb2287d1b625bbe9c2827045eca724b3783b0ae64fdc5cb1288585e9a0404aaa3d8cea22ee90efc8a6d3762458d8ae75799499e01478ccb1b2d5dbaf00","ssdeep":"6144:qh5gDg6Euno4xvlISDhTl0WHvfUp+v+9J87XGQOwOyyGpMy:qsgZunzvlzSWP8p0Q+Bz","tlshash":"87d499c08b4c357364802aea15fb446fdfdc0de82e4be8536bd098b5e379b8351e5998","size":634340,"data":"","first_seen":"2026-03-13T04:13:04.140378Z","last_seen":"2026-03-13T04:13:04.140378Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/snowflakes.js","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a492afe47e2af6e5f5cc87512db9b62","sha1":"47e1342d2e705c3fd5c917ac47d6c4ca6677ede2","sha256":"d63054d0d07b0e61e0f1e5a3ea8670fbe0f2eae377913603a043f03d1cb3252c","sha512":"4c14d1e90c11f74d16c28834f2ce68ee4acaee657f5d4bb7e7dc13def8018a5e540913481f757adb6d45187a306db0e7a4fd1a26f7dfa01253aa9f19053c56f9","ssdeep":"","tlshash":"08510d4860a23828157f631d7ad2988ce5302027be014d7ebeae42635f71c4cdc98dfd","size":2457,"data":"","first_seen":"2025-08-31T03:13:37.754782Z","last_seen":"2026-05-01T15:06:22.864567Z","times_seen":342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"adb5accbf3eea1a9809fe2f31a17dc51","sha1":"b5dd2e8dd5de9825a940e9b3cac200a1a3b022ac","sha256":"74f41e9217fdfb6538bad20759a5185689b15ad82280de27abe2dfc2b3c034b0","sha512":"01774b850246e42054968343c0726b2f1d81c0542a03f7cf26952862207dc1517e01bd321ce411cbbb8342b1a41c6191076139e4d6ec8a058ae1753a4c36cbeb","ssdeep":"","tlshash":"dc71282ce9b41cb3104ab07908be5247b570955b0d2a3d35bd4c829c5f0ee6e61be7e9","size":3587,"data":"","first_seen":"2024-08-19T21:41:20.669609Z","last_seen":"2026-05-06T23:47:35.269243Z","times_seen":366,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"wars-reward.xyz/particles.min.js","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wars-reward.xyz/","date":"2026-03-13T04:12:39.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wars-reward.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 21:00:01 GMT","end":"Thu, 04 Jun 2026 21:00:00 GMT"},"fingerprint":{"sha1":"C7:8D:1A:8B:4B:DE:E7:C8:8F:4E:36:94:D0:2D:4E:F9:EC:11:E7:FA","sha256":"B9:86:4D:81:4A:CF:C3:56:6B:A4:BF:C0:5D:BF:E6:BA:3A:E9:5F:3F:26:B6:3A:BF:6F:E8:B7:6B:46:6A:F4:D2"}}},"request":{"raw":"GET /particles.min.js HTTP/1.1\r\nHost: wars-reward.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wars-reward.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 13 Mar 2026 04:12:39 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Fri, 06 Mar 2026 21:21:38 GMT\r\netag: W/\"69ab4562-5b44\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NTk9lY7%2BdlBnXSceWUal7gz%2BZrTYpRrf29XJhrMBq38V8NJTbFCHxSqn7X%2FTD8XDOqfuqePLir54QfGv44Ji%2FN3BWGIuC0DVJpr%2FemBk4Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9db8339c7b4675ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23364,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (23002)","md5":"00debcf6cf0789a19cee2278011afcd4","sha1":"8017f8b1869077db728573f1ca4684a00af69462","sha256":"faee7815a5fd27e938d1e01c8392b66332024908eb118048f608eee671371df6","sha512":"29e7f9b1cee07d369c47b4d929e95cad1b35e62a5fefeb7e9fb661ea628d25b996fbf4517425bd9f07cb9f8617d2cda73ba2afe58d8286a8086a4682e8f5b4f4","ssdeep":"384:NkfJtGvWjT6uYvqhCz8wSEHESxtVAFPQcYpeib+9rOEKXWd/:NC7T6uYvn8wRxwyryVOEKXW5","tlshash":"61a2934d23f73e77378ab2e09be9d122c774a4d1399b04b0f93c667da52549201ee7a0","first_seen":"2023-03-07T01:16:44Z","last_seen":"2026-06-13T13:13:14.246374Z","times_seen":5059,"resource_available":true,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/logo.jpg","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wars-reward.xyz/","date":"2026-03-13T04:12:39.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wars-reward.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 21:00:01 GMT","end":"Thu, 04 Jun 2026 21:00:00 GMT"},"fingerprint":{"sha1":"C7:8D:1A:8B:4B:DE:E7:C8:8F:4E:36:94:D0:2D:4E:F9:EC:11:E7:FA","sha256":"B9:86:4D:81:4A:CF:C3:56:6B:A4:BF:C0:5D:BF:E6:BA:3A:E9:5F:3F:26:B6:3A:BF:6F:E8:B7:6B:46:6A:F4:D2"}}},"request":{"raw":"GET /logo.jpg HTTP/1.1\r\nHost: wars-reward.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wars-reward.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 13 Mar 2026 04:12:39 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 39725\r\ncast-mode: default\r\nlast-modified: Fri, 06 Mar 2026 21:21:38 GMT\r\netag: \"69ab4562-9b2d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tXslX2MJW9hkYxPG4Eao4EcQPx5ezEQLJ%2FzfBZ17YjT9wg%2BESBXmaoy87jyeJFdoZ3BF%2F3KGk%2FLdCu%2FjYsqsQscfab%2BLmxGjF%2Fn%2B%2BKK5fg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9db8339c7b4575ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39725,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.3], baseline, precision 8, 400x400, components 3","md5":"7a66e579af8623ae7cc4a6bbb2ece75e","sha1":"e574a7498a1a9cb8ee036fa4821f36ec178f931f","sha256":"ecf3e1ea2a07a4556adae13a88cc6a0c7f73b199bdf5bc00a48f6f93a94b7c3e","sha512":"33355013e62985ac86c02faa6ed7d1b72e4018ce8284cfc530a8b45ee101a9ea6180b4cd51fef81d7cc671f60e2af0f333264c1c41c926a2173fa99643cfb8b7","ssdeep":"768:fBcwCmMSjIR7JoIhggGvdA1KaRWVpH8pyKqbA0nQ4:fBFCqjg6IufvdfjHgscB4","tlshash":"d003f152d6062b57ea6ec33ad045d80cc3043f17e5bca64ff644461ef5f8caa75802ae","first_seen":"2026-02-13T17:37:29.70135Z","last_seen":"2026-03-18T15:51:32.238863Z","times_seen":7,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-13T04:12:39.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wars-reward.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 21:00:01 GMT","end":"Thu, 04 Jun 2026 21:00:00 GMT"},"fingerprint":{"sha1":"C7:8D:1A:8B:4B:DE:E7:C8:8F:4E:36:94:D0:2D:4E:F9:EC:11:E7:FA","sha256":"B9:86:4D:81:4A:CF:C3:56:6B:A4:BF:C0:5D:BF:E6:BA:3A:E9:5F:3F:26:B6:3A:BF:6F:E8:B7:6B:46:6A:F4:D2"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: wars-reward.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 13 Mar 2026 04:12:39 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Fri, 06 Mar 2026 21:21:38 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BvfMcuSHhGesi3Wm%2FadDK1MpWdNrKHb6xkEcyeA9m7nI3Pf1djLXVZdwx3UmM%2BPYqnv1BPWTQ%2BpncW%2B9fXa9iUlqbeAi7yzd6UgQ8QfYCg%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9db83399da66723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":101291,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (62253)","md5":"96e926cb78e973e713a0f11459e9ea48","sha1":"0864d8f4b879dc2048ef88d93a674de2a126c751","sha256":"66e281038c00a3ae199b404c4a0e6c4d908118429ee707c56757408d69825fbf","sha512":"8b576572ef38a68fdd6aca0030ac08e9b2844d3bedec220059b285702e37e149f12890f925c24b4460a7e66c7e7ba16694db8efeb8664ab3a4261011db0e1e78","ssdeep":"1536:kgljBRvb7zj9Vc4yxvxE4ZJhMcR239kPJdM9Nt3ZrPLaZYb:D9PA/jMT39kBMt35PLD","tlshash":"a2a3706a4c5cab4e33321c2ecf13243e6e8665eeb60995df388f74ecc7664149665ce0","first_seen":"2026-03-05T19:57:45.156411Z","last_seen":"2026-03-18T15:51:32.234748Z","times_seen":6,"resource_available":false,"data":null}},"time_used":364,"timings":{"blocked":68,"dns":55,"connect":1,"send":0,"wait":220,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/secureproxy?s=%2Fipfs%2FVVjQVxihpgY5q4qgzIMO-Acaeb38ecc9fd2130287300cddd2934fb%3Ft%3D1773375159986","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wars-reward.xyz/","date":"2026-03-13T04:12:39.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wars-reward.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 21:00:01 GMT","end":"Thu, 04 Jun 2026 21:00:00 GMT"},"fingerprint":{"sha1":"C7:8D:1A:8B:4B:DE:E7:C8:8F:4E:36:94:D0:2D:4E:F9:EC:11:E7:FA","sha256":"B9:86:4D:81:4A:CF:C3:56:6B:A4:BF:C0:5D:BF:E6:BA:3A:E9:5F:3F:26:B6:3A:BF:6F:E8:B7:6B:46:6A:F4:D2"}}},"request":{"raw":"GET /secureproxy?s=%2Fipfs%2FVVjQVxihpgY5q4qgzIMO-Acaeb38ecc9fd2130287300cddd2934fb%3Ft%3D1773375159986 HTTP/1.1\r\nHost: wars-reward.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wars-reward.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 13 Mar 2026 04:12:41 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: max-age=2592000\r\netag: W/\"9ade4-TlnKp6iD/Se6pS8aOnfXO6AvCTA\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=rQJNGIGRZGFFrO2kZmqBRg.js\r\ncdn-proxyver: 1.47\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 03/13/2026 04:12:41\r\ncdn-edgestorageid: 883\r\ncdn-requestid: ca90bc5b546c8805130c37227b69089f\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3jkGnU6s4OrMUyiObxv2LU2%2Fdt0f8GuQFrYvqX3eimrVzJpPwji7i4pHUWbMXOAql9rMj57qYjsKQ1VbHf7QzX0VcGcs6%2FML6JwX0k3o6A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9db8339dfb6d75ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":634340,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"4d1a3f5ad007b0683bd8832a982b9a7d","sha1":"4e59caa7a883fd27baa52f1a3a77d73ba02f0930","sha256":"3d0f9bc2432b277003b8fb013cd28e29609faf1435c1c8aa2ee0fec6abcc0889","sha512":"da13f0eb2287d1b625bbe9c2827045eca724b3783b0ae64fdc5cb1288585e9a0404aaa3d8cea22ee90efc8a6d3762458d8ae75799499e01478ccb1b2d5dbaf00","ssdeep":"6144:qh5gDg6Euno4xvlISDhTl0WHvfUp+v+9J87XGQOwOyyGpMy:qsgZunzvlzSWP8p0Q+Bz","tlshash":"87d499c08b4c357364802aea15fb446fdfdc0de82e4be8536bd098b5e379b8351e5998","first_seen":"2026-03-13T04:13:04.140378Z","last_seen":"2026-03-13T04:13:04.140378Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1458,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1362,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/119246100adcd76322fde730b9f8859e.txt","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://wars-reward.xyz/","date":"2026-03-13T04:12:40.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wars-reward.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 21:00:01 GMT","end":"Thu, 04 Jun 2026 21:00:00 GMT"},"fingerprint":{"sha1":"C7:8D:1A:8B:4B:DE:E7:C8:8F:4E:36:94:D0:2D:4E:F9:EC:11:E7:FA","sha256":"B9:86:4D:81:4A:CF:C3:56:6B:A4:BF:C0:5D:BF:E6:BA:3A:E9:5F:3F:26:B6:3A:BF:6F:E8:B7:6B:46:6A:F4:D2"}}},"request":{"raw":"GET /119246100adcd76322fde730b9f8859e.txt HTTP/1.1\r\nHost: wars-reward.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wars-reward.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 13 Mar 2026 04:12:40 GMT\r\ncontent-type: text/plain\r\ncontent-length: 0\r\ncast-mode: default\r\nlast-modified: Fri, 06 Mar 2026 21:21:38 GMT\r\netag: \"69ab4562-0\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jMDK%2FPA0BlFYnokfOkMBRe6E115Yb6%2B00wS8CdvxwcUmRBwAar%2FD1mbgsr4Ru0sk6X9KZVZ6tNtqf%2Fk2ZwFgk71L8LsXfZg5YctZ6pyB%2Fw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9db833a00b8875ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T14:33:38.925182Z","times_seen":16388818,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/logo.jpg","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wars-reward.xyz/","date":"2026-03-13T04:12:40.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wars-reward.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 21:00:01 GMT","end":"Thu, 04 Jun 2026 21:00:00 GMT"},"fingerprint":{"sha1":"C7:8D:1A:8B:4B:DE:E7:C8:8F:4E:36:94:D0:2D:4E:F9:EC:11:E7:FA","sha256":"B9:86:4D:81:4A:CF:C3:56:6B:A4:BF:C0:5D:BF:E6:BA:3A:E9:5F:3F:26:B6:3A:BF:6F:E8:B7:6B:46:6A:F4:D2"}}},"request":{"raw":"GET /logo.jpg HTTP/1.1\r\nHost: wars-reward.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wars-reward.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 13 Mar 2026 04:12:40 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 39725\r\ncast-mode: default\r\nlast-modified: Fri, 06 Mar 2026 21:21:38 GMT\r\netag: \"69ab4562-9b2d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qHprCAxiPBmxjKhRAjyeTVD73%2FAHnXOKJnfD9kJcpN%2BvzC5tCdMKxhLEGLSlkukadYBybTjFa5iWF7%2FzM3mAVxQ28znagWviXlLMgBn4cA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: 9db833a0ab9a75ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39725,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.3], baseline, precision 8, 400x400, components 3","md5":"7a66e579af8623ae7cc4a6bbb2ece75e","sha1":"e574a7498a1a9cb8ee036fa4821f36ec178f931f","sha256":"ecf3e1ea2a07a4556adae13a88cc6a0c7f73b199bdf5bc00a48f6f93a94b7c3e","sha512":"33355013e62985ac86c02faa6ed7d1b72e4018ce8284cfc530a8b45ee101a9ea6180b4cd51fef81d7cc671f60e2af0f333264c1c41c926a2173fa99643cfb8b7","ssdeep":"768:fBcwCmMSjIR7JoIhggGvdA1KaRWVpH8pyKqbA0nQ4:fBFCqjg6IufvdfjHgscB4","tlshash":"d003f152d6062b57ea6ec33ad045d80cc3043f17e5bca64ff644461ef5f8caa75802ae","first_seen":"2026-02-13T17:37:29.70135Z","last_seen":"2026-03-18T15:51:32.238863Z","times_seen":7,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/secureproxy?s=%2Fjmpd%2F","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://wars-reward.xyz/","date":"2026-03-13T04:12:42.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wars-reward.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 21:00:01 GMT","end":"Thu, 04 Jun 2026 21:00:00 GMT"},"fingerprint":{"sha1":"C7:8D:1A:8B:4B:DE:E7:C8:8F:4E:36:94:D0:2D:4E:F9:EC:11:E7:FA","sha256":"B9:86:4D:81:4A:CF:C3:56:6B:A4:BF:C0:5D:BF:E6:BA:3A:E9:5F:3F:26:B6:3A:BF:6F:E8:B7:6B:46:6A:F4:D2"}}},"request":{"raw":"POST /secureproxy?s=%2Fjmpd%2F HTTP/1.1\r\nHost: wars-reward.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://wars-reward.xyz/\r\ncontent-type: application/json\r\nContent-Length: 1442\r\nOrigin: https://wars-reward.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1442,"data":"{\"route\":\"n9POyFeFG1tUtiSU-z9JOx3n\",\"payload\":\"0hqM-6_N52QBrwIaAyYAEwDSAi0DIwD0AiIAAAECQQMAAO8nhn2XtsKCAQ6YFB45RyngYCPHE2YCAABI51Wow7FuZELUukymBSOLzzMcGCkVVSGo0cwJuovzwhG453ExPIaJPnDIOT7BPUVHTnuU83HBm1kIEmQQ6pOCb4eOSPyyNC4hZoHRtXUnHEg8QY4ff4sC24G84hA7iYiYXR5IOCg6HGtdZC23coE8Q9A3kZjfbWdfcdf7VySVKqhlKx6mTeJqPyPrusydLv6Dmnb0hs6Cgq8npBDfv2WOl7GPvOl0lU1WsJoFT2caVagKuaTL8lSMTmKwsk3Uf5YehjRSZlz8G1nanaKziPVxntYPW9fIWHTUSLBVIqX_0mg9D8TPOCqu8hIPoNtiC3JLEV10k7QnEqcckgINdb1iWNnNtiJanD1D2x1U-y3y9ljHe3TJkHRWKNmOmB9ubCocA1JlOS4GFphtlCGN9YdWNsXcU_qsuCUHalVZclLfx1RTAp8TS_KQ-EneVO356yT91wVi88pOWWS5M9QQ5z2wVW6q7GmRsI7bCepceGTkEgleCEOe_brVk9Ar7n5ya0v2WIraiVKtp8nH0FyNA4mTJlRb-SBg87iXk9aBVcBscmgo6Ddw48DKpHbpxqqWaXjOTqydEg1W96yYu3lGRWdniRxuv3DfCbb1L6p4_ORoCccapAKZ9FiO3RtBFuR6wZ5Y5HAJ_PZgCJtFsXDRNqxSOfW47dFUsTPh52dlR0ZTiNBZKVbZEqb70c1zcUVdC4nRPNCrI79MuQlwa-PUUs76iVP_cqKcIB66BIdTFMOEhWxMKiJqk-L1KbYyh587FZrtF8XOOxKTM9VfOktirbhtgHlB4Kj_fCHplIQGjED011SvPGDhUUNsF3LRPx9KLf5_E1tApziL-Dhr-QMmza4_fMa9ZaCwwYLwVRIQc0ckWWJo44tqKUcZaUr5yGK0HRRGDm_p_SQeJUWkb0VEFyPmiIgWl0nnwrEmYPCXjmlBN1M7B9ytYR3Mv6gPoeVdWLumMhzrUVwsjnlyA8XZwqgjzJipnyG71VWEU9emDv_LTCmiheSTKMwqo6Z4nzKvPMUwtwLkmleM1-IRn7itjZlGiX6hbHu5_L6yZ-DV-DkdypKbFROcKiwyppEQgpdNatiOCOvBNEdfJJM4WlchynLShSUarV13As-FpnU3m8xT4S3Wae3_KKdEEA\",\"challenge\":\"eyJpZCI6IkNPcWpxSlZSek95SFdMQ2RObUd5WEEiLCJub25jZSI6MTEsImhhc2giOiIwMDk5YWFhYWE1YjE3ZDQ3YTNkMWU4YTM3M2JmNjEyZDEwYThiYTU3OGU0YzQzYmM4NjY0Zjc1NWIyZTg1OThiIn0=\"}"}},"response":{"raw":"HTTP/3 204 No Content\r\nserver: cloudflare\r\ndate: Fri, 13 Mar 2026 04:12:43 GMT\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: no-cache\r\netag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nx-ratelimit-limit: 10000\r\nx-ratelimit-remaining: 9995\r\nx-ratelimit-reset: 1773375222952\r\ncdn-proxyver: 1.47\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 204\r\ncdn-cachedat: 03/13/2026 04:12:43\r\ncdn-edgestorageid: 883\r\ncdn-requestid: 4973eabe7efa675024ffff840903d148\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J31zNaIska2NhFa2h0x7UwL80azUQ2czj0w1nvgI5ta4lvAQmUYHHGVUsRihb65CmR2uONfMPcf7C%2FnMa%2FEklJ3oxd2boWIqBOSpUZkGZQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9db833af6c6d75ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T14:33:38.925182Z","times_seen":16388818,"resource_available":true,"data":null}},"time_used":773,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":772,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/snowflakes.js","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wars-reward.xyz/","date":"2026-03-13T04:12:39.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wars-reward.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 21:00:01 GMT","end":"Thu, 04 Jun 2026 21:00:00 GMT"},"fingerprint":{"sha1":"C7:8D:1A:8B:4B:DE:E7:C8:8F:4E:36:94:D0:2D:4E:F9:EC:11:E7:FA","sha256":"B9:86:4D:81:4A:CF:C3:56:6B:A4:BF:C0:5D:BF:E6:BA:3A:E9:5F:3F:26:B6:3A:BF:6F:E8:B7:6B:46:6A:F4:D2"}}},"request":{"raw":"GET /snowflakes.js HTTP/1.1\r\nHost: wars-reward.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wars-reward.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 13 Mar 2026 04:12:39 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Fri, 06 Mar 2026 21:21:38 GMT\r\netag: W/\"69ab4562-999\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=htQkxrqMNpYCWoigtYT7PVTnuVvq%2Fl9mTqnGn%2F0097MlKtjC9ez6GNg%2Buq62GCvAvymzq9TX%2FJHcK50vrpSYk0vFFCyiTqKvvtKviFx8nQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9db8339c7b4375ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2457,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"4a492afe47e2af6e5f5cc87512db9b62","sha1":"47e1342d2e705c3fd5c917ac47d6c4ca6677ede2","sha256":"d63054d0d07b0e61e0f1e5a3ea8670fbe0f2eae377913603a043f03d1cb3252c","sha512":"4c14d1e90c11f74d16c28834f2ce68ee4acaee657f5d4bb7e7dc13def8018a5e540913481f757adb6d45187a306db0e7a4fd1a26f7dfa01253aa9f19053c56f9","ssdeep":"","tlshash":"08510d4860a23828157f631d7ad2988ce5302027be014d7ebeae42635f71c4cdc98dfd","first_seen":"2025-08-31T03:13:37.754782Z","last_seen":"2026-05-01T15:06:22.864567Z","times_seen":342,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wars-reward.xyz/css2.css","fqdn":"wars-reward.xyz","domain":"wars-reward.xyz","tld":"xyz"},"ip":{"addr":"172.67.212.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wars-reward.xyz/","date":"2026-03-13T04:12:39.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wars-reward.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 21:00:01 GMT","end":"Thu, 04 Jun 2026 21:00:00 GMT"},"fingerprint":{"sha1":"C7:8D:1A:8B:4B:DE:E7:C8:8F:4E:36:94:D0:2D:4E:F9:EC:11:E7:FA","sha256":"B9:86:4D:81:4A:CF:C3:56:6B:A4:BF:C0:5D:BF:E6:BA:3A:E9:5F:3F:26:B6:3A:BF:6F:E8:B7:6B:46:6A:F4:D2"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: wars-reward.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wars-reward.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 13 Mar 2026 04:12:39 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Fri, 06 Mar 2026 21:21:38 GMT\r\netag: W/\"69ab4562-756\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oC7MAXrLSQcf3W%2FgMIr5Cb7jH4fPvo7Astswo1q0PEA3dr2KHllv%2Fl2fTwF2Kak4qzMY47LLxW%2BdQeBjG6%2FGr9HnQQuxnAyYuiMtmQBVnA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9db8339c7b4475ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1878,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"9062a655afcc97c2d427b10f735a8aea","sha1":"b22103ec1665985589e0be5b9f5e9686461dc12f","sha256":"66489ff17cd8cbe69f7dc79d660975d2910614eda742803f69181a0ecf3bc4bd","sha512":"ab721d03c97484fcb5cef9844c74968d7bb643c1ebee2eea3a2e8129f9366306f24d0b42e6889213aa56bd28047ad42645cbc4457fc3dc681dd8e7df4d4265eb","ssdeep":"","tlshash":"89419b414c3a5104a3d32ce263ce7d31cd4ef244b045ca34bffe1859ac4ad6563a4b5c","first_seen":"2025-08-07T19:45:13.885497Z","last_seen":"2026-05-01T15:06:22.858559Z","times_seen":359,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-13","alert":"Sinkholed","trigger":"wars-reward.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}