{"report_id":"53e93ae4-7189-4f99-a026-bcf98397aea4","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-05-22T06:28:28Z","url":{"schema":"http","addr":"claimallocation.finance","fqdn":"claimallocation.finance","domain":"claimallocation.finance","tld":"finance"},"ip":{"addr":"63.176.8.218","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"claimallocation.finance/","fqdn":"claimallocation.finance","domain":"claimallocation.finance","tld":"finance"},"title":"Universal Quantum Bridge | Secured Distribution","dom":{"size":9421,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (435)","md5":"b0ebb3f792d8f1cef467fa44b1d25c9a","sha1":"604ccd01533f1f0f657ba9ba793507d7b5f3a337","sha256":"75c5b4c86b479bb888727405cfb26cb91e0b53c5773fbf0fdebcf0b6f41b1a3e","sha512":"6a48693e94fe4723d52287d0857ef959b2c4a38567dba743cfd7b505225c11dcaf1fd64440f46e7d60ac8ecadf2a0b8d37c78c63bd472e93f9ce4406cfb07485","ssdeep":"192:7+zSWQZk95XMLfvUXLAyx/jwtqJbG25TzuUuhoe4u9HMGDy+bM+wPHBbVL51k:3C3jiATzgL9HhO+bqw","tlshash":"a112e72331f6106156a3a0e6b9b3878f2560d10bda0648a5beeca284df8dcd1d5b76cc","dom_hash":"domhash6a0e4f93e3bcc6b7b1ee0edfeff9894a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"claimallocation.finance","fqdn":"claimallocation.finance","domain":"claimallocation.finance","tld":"finance"},"ip":{"addr":"63.176.8.218","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-26T06:28:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-22","alert":"Detects file containing Telegram Bot API","trigger":"claimallocation.finance/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"upload.wikimedia.org","ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"domain_registered":"2003-03-16","domain_rank":4329,"first_seen":"2012-05-21T09:39:45Z","last_seen":"2026-05-18T11:37:21.606911Z","alert_count":0,"request_count":2,"received_data":222716,"sent_data":960,"comment":"","tags":null,"fingerprints":[{"name":"Apache Traffic Server:9.2.13","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP 
features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"cdn.prod.website-files.com","ip":{"addr":"104.18.160.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-01-23","domain_rank":20159,"first_seen":"2023-11-01T22:05:38Z","last_seen":"2026-05-18T12:21:49.468364Z","alert_count":0,"request_count":1,"received_data":1253,"sent_data":509,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"cdn.brandfetch.io","ip":{"addr":"52.84.50.48","port":443,"asn":16509,"as":"AMAZON-02","country":"United 
States","country_code":"US"},"domain_registered":"2019-04-17","domain_rank":443360,"first_seen":"2024-11-15T13:00:59Z","last_seen":"2026-05-19T10:41:34.955494Z","alert_count":0,"request_count":2,"received_data":11367,"sent_data":1041,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"claimallocation.finance","ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-05-22T06:28:28.297449Z","last_seen":"2026-05-22T06:28:28.297449Z","alert_count":2,"request_count":2,"received_data":13897,"sent_data":945,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web 
applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}]},{"fqdn":"www.exodus.com","ip":{"addr":"104.18.36.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"1994-12-15","domain_rank":202967,"first_seen":"2014-12-27T06:16:54Z","last_seen":"2026-05-14T15:29:02.340165Z","alert_count":0,"request_count":1,"received_data":3162,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.svgrepo.com","ip":{"addr":"172.67.216.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-08-25","domain_rank":416983,"first_seen":"2017-01-19T22:08:52Z","last_seen":"2026-05-19T01:54:57.361504Z","alert_count":0,"request_count":1,"received_data":1383,"sent_data":460,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed 
domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"claimallocation.finance/","fqdn":"claimallocation.finance","domain":"claimallocation.finance","tld":"finance"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"md5":"eb2927f44c6d4954768c7d64d63f7847","sha1":"d80ac794b8b5b7916b4df2c74afb86dba5a47ded","sha256":"5511b1d0f75f7747e38d14d33719d9f0d0430bd3b3556c6d9dbfa02218e09262","sha512":"3da2b0511730b4f6771907412ae31acd8440bd51bc7809ad1fbbcb501f1ba64709088683373b85276e4c3b1eea84cc85b7d3ed9b3519280d7e67defa76c0e048","size":2430,"token":"8882451924:AAG0JWnQUzqPJVTuO0XAjEGvvh_UQabEYnc","is_revoked":false,"bot":{"token":"8882451924:AAG0JWnQUzqPJVTuO0XAjEGvvh_UQabEYnc","user_id":"8882451924","username":"Seedphish_bot","first_name":"Seed phrase phish","last_name":"","chat":{"chat_id":"6100264495","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":1}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript 
code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"claimallocation.finance/","fqdn":"claimallocation.finance","domain":"claimallocation.finance","tld":"finance"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"eb2927f44c6d4954768c7d64d63f7847","sha1":"d80ac794b8b5b7916b4df2c74afb86dba5a47ded","sha256":"5511b1d0f75f7747e38d14d33719d9f0d0430bd3b3556c6d9dbfa02218e09262","sha512":"3da2b0511730b4f6771907412ae31acd8440bd51bc7809ad1fbbcb501f1ba64709088683373b85276e4c3b1eea84cc85b7d3ed9b3519280d7e67defa76c0e048","ssdeep":"","tlshash":"ba41ce9732e31a704aab7aef73a383d8342480035d059c85ba5cd2524f24c9565bbbdc","size":2430,"data":"","first_seen":"2026-05-22T06:28:33.125452Z","last_seen":"2026-05-22T06:29:18.128019Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-22","alert":"Detects file containing Telegram Bot API","trigger":"claimallocation.finance/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 
1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www.svgrepo.com/show/331345/coinbase-v2.svg","fqdn":"www.svgrepo.com","domain":"svgrepo.com","tld":"com"},"ip":{"addr":"172.67.216.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimallocation.finance/","date":"2026-05-22T06:28:07.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"svgrepo.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 11 Apr 2026 20:45:47 GMT","end":"Fri, 10 Jul 2026 21:42:00 GMT"},"fingerprint":{"sha1":"4A:2E:B7:A8:F0:FD:62:75:08:B0:15:C7:30:4E:31:E6:EA:7E:97:70","sha256":"BA:3D:55:4F:76:5D:B3:14:23:8B:DE:0B:39:31:FB:7C:9E:7B:C9:88:55:15:4F:B7:FC:3C:28:F9:70:87:24:0D"}}},"request":{"raw":"GET /show/331345/coinbase-v2.svg HTTP/1.1\r\nHost: www.svgrepo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimallocation.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 22 May 2026 06:28:07 GMT\r\ncontent-type: image/svg+xml\r\ncache-control: public, max-age=31536000, 
immutable\r\ncf-cache-status: HIT\r\netag: W/\"63bb63a6-255\"\r\nexpires: Mon, 18 May 2026 14:11:42 GMT\r\nlast-modified: Mon, 09 Jan 2023 00:45:26 GMT\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2B2kuXBLcckp6z0YHx%2Fd29IooIbf7WnX8LtpoAlQwAGtAAY9orX2WHO9bZ0eZocm%2BDaOKcu7x%2F5TiIfr%2F7gabgS6bwndWuqtGj7nDG1D1cbvaUeS0dT5cBvPykZYJxjalpGE%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-id: iad1::2f8lj-1740798378990-9dd0e2b9bd50\r\ncontent-encoding: br\r\ncf-ray: 9ff9c24908c08deb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":597,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics 
image","md5":"e787ea02b2f92ceffa118f3f2089e11e","sha1":"42d3813d1e1da4af060cd72f19ae7b5a8d1321ae","sha256":"2679eba5209ea0ff784d44c2eec56c90d0c43b111ba4bafc6afff7dbb088f6ba","sha512":"53c023e3cb5653ca160b2785cc43cd6b444e1939f5c061974fe604e4d27649bfa07cc0384f2bc9d089ceeebe67a72274ed7bc071b4d1eaeb9b686901a787c3fc","ssdeep":"","tlshash":"bef041259094e63e4648c3235e71c0ea333d721293822711c270cf51f107ba7d84f8de","first_seen":"2025-04-07T11:42:24.9104Z","last_seen":"2026-05-22T06:29:18.089921Z","times_seen":94,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":58,"dns":35,"connect":1,"send":0,"wait":69,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"upload.wikimedia.org/wikipedia/commons/3/36/MetaMask_Fox.svg","fqdn":"upload.wikimedia.org","domain":"wikimedia.org","tld":"org"},"ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimallocation.finance/","date":"2026-05-22T06:28:07.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.wikimedia.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 05:51:37 GMT","end":"Sun, 12 Jul 2026 05:51:36 GMT"},"fingerprint":{"sha1":"62:23:EE:89:97:A6:C1:A5:65:7A:8F:23:C2:68:CA:70:93:B3:AA:FF","sha256":"5A:21:64:0C:22:9B:01:A0:D2:BC:CA:02:4F:E8:51:ED:BA:CC:51:27:0E:87:6A:6E:E6:0D:88:64:AB:D1:3F:30"}}},"request":{"raw":"GET /wikipedia/commons/3/36/MetaMask_Fox.svg HTTP/1.1\r\nHost: upload.wikimedia.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimallocation.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 21 May 2026 09:16:10 GMT\r\nserver: ATS/9.2.13\r\netag: W/d206794f79a670efe19d23659fe7ccec\r\ncontent-type: image/svg+xml\r\nx-object-meta-sha1base36: 5kkedovp14ls5j1hfds1y3qwdy3f1fe\r\nlast-modified: Wed, 31 Aug 2022 12:03:40 GMT\r\ncontent-encoding: gzip\r\nage: 76316\r\naccept-ranges: bytes\r\nx-cache: cp3076 hit, cp3076 hit/3810\r\nx-cache-status: hit-front\r\nserver-timing: cache;desc=\"hit-front\", host;desc=\"cp3076\"\r\nstrict-transport-security: max-age=106384710; includeSubDomains; preload\r\nreport-to: { \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error\u0026schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\r\nnel: { \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\r\nx-client-ip: 91.90.42.154\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache\r\ntiming-allow-origin: *\r\nset-cookie: WMF-Uniq=_1ljntpf_mbMWt8oUV9K6gNoAAAAAFvdPvcHFcw6yG5-Bp45p0PCOHFhcG5UA9A0;Domain=upload.wikimedia.org;Path=/;HttpOnly;secure;SameSite=None;Expires=Sat, 22 May 2027 00:00:00 GMT\r\ncontent-length: 1031\r\nx-request-id: b7cadf3d-9ef5-450e-b70a-7cee9e3aede1\r\nx-analytics: \r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache Traffic Server:9.2.13","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 
and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2479,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d206794f79a670efe19d23659fe7ccec","sha1":"2fb1e4b2911bff3c633524bd9cb83d1953c32ffa","sha256":"cd6a85f5cdc27987405eddb33f8c620f9a3701d0925704070e6b013ddd80255e","sha512":"a37273a3e6fdc727b97c7e6a9171788e9c17280c608ff749aa2eaa5849a1acbc45b9e71b303ecb820cfc628a5f846d034b992100a9b32f85ecbb28ed6b6beed5","ssdeep":"","tlshash":"be51ab59a3694d7efd634b68d33d36b2206211ef2a50b74c897704b072249cca2bfde0","first_seen":"2023-07-08T22:23:37Z","last_seen":"2026-06-05T07:21:43.646681Z","times_seen":393,"resource_available":false,"data":null}},"time_used":418,"timings":{"blocked":164,"dns":110,"connect":24,"send":0,"wait":74,"receive":6,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.prod.website-files.com/67d18e6ae9761e7206380e1e/67d18e6ae9761e7206380e4f_Ledger-Icon.svg","fqdn":"cdn.prod.website-files.com","domain":"website-files.com","tld":"com"},"ip":{"addr":"104.18.160.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimallocation.finance/","date":"2026-05-22T06:28:07.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x2551
9","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prod.website-files.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 06 Apr 2026 04:21:54 GMT","end":"Sun, 05 Jul 2026 05:21:51 GMT"},"fingerprint":{"sha1":"01:0C:14:4A:BC:A8:74:FF:AB:42:F0:82:53:F6:FC:F8:0A:DA:9E:61","sha256":"DE:0B:A2:CB:B3:13:8F:13:F5:23:54:3A:95:01:72:0C:79:1C:54:C7:EB:1C:F0:00:21:CD:6E:2C:15:0A:B5:07"}}},"request":{"raw":"GET /67d18e6ae9761e7206380e1e/67d18e6ae9761e7206380e4f_Ledger-Icon.svg HTTP/1.1\r\nHost: cdn.prod.website-files.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimallocation.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 22 May 2026 06:28:07 GMT\r\ncontent-type: image/svg+xml\r\nx-amz-id-2: xKLsg8Sv9I5P/nOzISxpSqG3Rx/0rNHsZxSxv1qNi8ibKVv+2f6/uBMiHJglb3r23cTFKgVj3+M=\r\nx-amz-request-id: 86Y0JSGH9RZ60KAM\r\nlast-modified: Wed, 12 Mar 2025 13:38:51 GMT\r\nx-amz-server-side-encryption: AES256\r\ncache-control: max-age=31536000, must-revalidate\r\nx-amz-version-id: D_fD5H.jfMGvdhCFK4.akkO2ressXqN7\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nage: 7119836\r\ncf-cache-status: HIT\r\netag: W/\"17494ffed18fd083d95c37401d713ea4\"\r\ncontent-encoding: br\r\ncf-ray: 9ff9c2492d023181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing 
content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":624,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"17494ffed18fd083d95c37401d713ea4","sha1":"0ba05b3284f0ecb55a59d229278981ff102cb19f","sha256":"f7f4852015ad2725d76e46b05c5a57d9a47c92d8a504fae5c67e9bf20e03be22","sha512":"9cd4f26c641d8cbcbb48f63a547db88b3011ad380567d343444adae637566cf68844350c157655d47e36127d4dfc94e0006cebcf659e259535e86be3039db888","ssdeep":"","tlshash":"92f049f5514c86846f1c072b762b7515a7b761c3ae76d015ebc0273b7c18994389de4c","first_seen":"2026-05-22T06:28:33.107973Z","last_seen":"2026-05-22T06:29:18.092266Z","times_seen":2,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":64,"dns":54,"connect":4,"send":0,"wait":49,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.brandfetch.io/idPAdGj5ns/w/200/h/200/theme/dark/idNOxU154M.png?c=1bxid64Mup7aczewSAYMX\u0026t=1768403698411","fqdn":"cdn.brandfetch.io","domain":"brandfetch.io","tld":"io"},"ip":{"addr":"52.84.50.48","port":443,"asn":16509,"as":"AMAZON-02","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimallocation.finance/","date":"2026-05-22T06:28:07.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.brandfetch.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 23 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"16:F2:DF:8B:7B:F2:05:42:93:2B:E8:AE:7D:92:38:A0:B7:BE:2F:D2","sha256":"6A:D1:91:2C:6C:2F:C8:4B:62:FF:BD:D2:92:2D:DF:99:02:68:AE:40:2E:C5:DC:C4:37:AF:12:BE:BB:16:DD:3A"}}},"request":{"raw":"GET /idPAdGj5ns/w/200/h/200/theme/dark/idNOxU154M.png?c=1bxid64Mup7aczewSAYMX\u0026t=1768403698411 HTTP/1.1\r\nHost: cdn.brandfetch.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimallocation.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: CloudFront\r\ncontent-type: image/png\r\ncontent-length: 1320\r\ndate: Fri, 22 May 2026 00:43:00 GMT\r\napigw-requestid: dvb3OgtRoAMEPtg=\r\nlast-modified: Wed, 14 Jan 2026 15:14:58 GMT\r\nreferrer-policy: no-referrer-when-downgrade\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\ncache-control: public, max-age=86400, immutable\r\netag: \"6e0-UlHxIHupzgLA/14JB1c0XIhYCcM\"\r\nvia: 1.1 b5699d1b7e44f0e87927693889ab2666.cloudfront.net (CloudFront)\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: 
Origin\r\nx-cache: Hit from cloudfront\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: aOWCKFsX0DSJN9VsKCilnmeRtPhbs_tu8f5AUkyzLcvxBWC7mxrV0Q==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1320,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, 
non-interlaced","md5":"8979124dfd38a97479be72537a734a78","sha1":"b0095da6c8ce7792ed6149a0fab9035561ee6445","sha256":"469460de80e132acc5f2f15ab1a5a8961c1a9b098eb17eae71f78972bffb063b","sha512":"ce6163fcf224d72ff511bfe29b2ffd8dc2d3790685f178f1f3e1181f47811e780a0887f3eadb27c57d0618d7e670943503b01ccef399960199cdf735c1431cbb","ssdeep":"","tlshash":"49215397b6025d15fc26c17b5f2a7b74c419fceb8a12801fb15811201d6248acffc16a","first_seen":"2026-05-22T06:28:33.11112Z","last_seen":"2026-05-22T06:29:18.112117Z","times_seen":2,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":97,"dns":90,"connect":1,"send":0,"wait":32,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.brandfetch.io/id_HKIytUb/w/400/h/400/theme/dark/icon.jpeg?c=1bxid64Mup7aczewSAYMX\u0026t=1667812683560","fqdn":"cdn.brandfetch.io","domain":"brandfetch.io","tld":"io"},"ip":{"addr":"52.84.50.48","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimallocation.finance/","date":"2026-05-22T06:28:07.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.brandfetch.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 23 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"16:F2:DF:8B:7B:F2:05:42:93:2B:E8:AE:7D:92:38:A0:B7:BE:2F:D2","sha256":"6A:D1:91:2C:6C:2F:C8:4B:62:FF:BD:D2:92:2D:DF:99:02:68:AE:40:2E:C5:DC:C4:37:AF:12:BE:BB:16:DD:3A"}}},"request":{"raw":"GET /id_HKIytUb/w/400/h/400/theme/dark/icon.jpeg?c=1bxid64Mup7aczewSAYMX\u0026t=1667812683560 HTTP/1.1\r\nHost: cdn.brandfetch.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimallocation.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: CloudFront\r\ncontent-type: image/jpeg\r\ncontent-length: 8657\r\ndate: Fri, 22 May 2026 00:42:59 GMT\r\napigw-requestid: dvb3BgaSoAMEZdA=\r\ncache-control: public, max-age=86400, immutable\r\netag: \"2d18-rdlY6xzItZY9zMNv6uzteArdIsE\"\r\nlast-modified: Mon, 07 Nov 2022 09:18:03 GMT\r\nreferrer-policy: no-referrer-when-downgrade\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nvia: 1.1 b5699d1b7e44f0e87927693889ab2666.cloudfront.net (CloudFront)\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: Origin\r\nx-cache: Hit from cloudfront\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: dloYyxy-25AyuPpzJePZ0nFq9KZYLQWrza8KUl64-furB5etQ_E86g==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud 
services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":8657,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=bf@v1], baseline, precision 8, 400x400, components 3","md5":"ea59c55722a7058c7d38fe48af208494","sha1":"01fc78ab4ff08dced9cd6a94d834e86cdfc0c0fd","sha256":"50fe192f0d2b302cadd8b3ac97fc032909a9d1f2919176526dfdd2781a3d1bee","sha512":"ae3fb44c940371f8ed222a898056a703c323fe1338c221d8f0455da9964a1697ee42dd82475b212bd98a52eb9c7f03c26844aee1f6c5a1b07cc67e07ed9590be","ssdeep":"192:/0X89R2TxMbdfGjZJEDT2ar9OXb1TwjWvjn+lKR7QvPc1QGwzxuSu:/S8H2TjjkbrqTwWb+8RMv7duv","tlshash":"87029ee0780525e3e533fe30d8d1fb208e2749a898a566df69d2c43bb621074161e7be","first_seen":"2026-05-22T06:28:33.113811Z","last_seen":"2026-05-22T06:29:18.105868Z","times_seen":2,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":85,"connect":0,"send":0,"wait":31,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claimallocation.finance/favicon.ico","fqdn":"claimallocation.finance","domain":"claimallocation.finance","tld":"finance"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimallocation.finance/","date":"2026-05-22T06:28:07.471Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimallocation.finance","organization":""},"issuer":{"commonName":
"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 23:33:46 GMT","end":"Wed, 19 Aug 2026 23:33:45 GMT"},"fingerprint":{"sha1":"1C:7C:E0:C4:FF:93:01:F0:1E:03:07:53:27:64:6B:C5:F3:EF:7D:CC","sha256":"3B:DC:AE:F6:B7:71:DC:78:CE:29:21:96:C8:E4:0E:E9:74:4E:23:A3:9A:0B:B7:92:2A:0B:44:B8:83:F6:B3:4B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: claimallocation.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimallocation.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nage: 12355\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; hit\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Fri, 22 May 2026 06:28:07 GMT\r\netag: 1778895439-ssl-df\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KS75XANNHJQWHA3GDFE5QCFK\r\ncontent-length: 1203\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify provides hosting and server-less backend services for web applications and static 
websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":3449,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"0f89e18d0abacb99149c5e59bf69b5e1","sha1":"9e1ebb10be890c5855eec444233c028270d3e65a","sha256":"8514f0009a58c6e0acb5468f88037732b59b70af5e524f452e3bef8fb33effc5","sha512":"5275d80f3f8f1f5e0d1b6b6b0745732a69d669d66dcdab418fc5a2094bffcb81ff1d34252c97c6dffe5470f0d359a3be03cfd3dfe3d729bf186917c8cf21ece0","ssdeep":"","tlshash":"1f61848dc9a7209b5c93643e27eb560a2274a247cd46da4c3fde6348cf492f214d36ac","first_seen":"2024-12-12T10:00:11.490986Z","last_seen":"2026-06-06T14:53:56.444279Z","times_seen":11715,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claimallocation.finance/","fqdn":"claimallocation.finance","domain":"claimallocation.finance","tld":"finance"},"ip":{"addr":"35.157.26.135","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-22T06:28:06.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimallocation.finance","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 23:33:46 GMT","end":"Wed, 19 Aug 2026 23:33:45 GMT"},"fingerprint":{"sha1":"1C:7C:E0:C4:FF:93:01:F0:1E:03:07:53:27:64:6B:C5:F3:EF:7D:CC","sha256":"3B:DC:AE:F6:B7:71:DC:78:CE:29:21:96:C8:E4:0E:E9:74:4E:23:A3:9A:0B:B7:92:2A:0B:44:B8:83:F6:B3:4B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 
claimallocation.finance\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 16197\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; hit\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Fri, 22 May 2026 06:28:06 GMT\r\netag: \"29fc3e3ef2d52daf6101b80aa3df7ba0-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KS75XA4PA5471M57X7Q1HJP8\r\ncontent-length: 3174\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify provides hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":9577,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (435), with CRLF line 
terminators","md5":"0e6406df55555a6225988355bc2c9bc3","sha1":"e4b6938e034bff5909834dec63ac96c51a62c2a6","sha256":"1c38e14cdc2f9d39b35d43c4cfc1b50c24b2f4fa62cb5ae4da90d16bbe23ea3e","sha512":"364d6e53e0af4ec7d6f60d388ee8c951a81871d5f30d35c368d5c78af4bef21a20042344ee5d62a1abb3593f97a7f2990e1ce563f8a768bca6714c2fd0775d88","ssdeep":"192:TSckr4v/JPWm43UZ/1Obu9pKyw46+hPkB5Zc:WdUVWm4gl93w4Sc","tlshash":"8312fa233181102156b3d2e6f9b3c78efa608107db424595b9eca2969fbdc80d4b7bcc","first_seen":"2026-05-22T06:28:33.117878Z","last_seen":"2026-05-22T06:29:18.109918Z","times_seen":2,"resource_available":true,"data":null}},"time_used":385,"timings":{"blocked":178,"dns":13,"connect":22,"send":0,"wait":24,"receive":0,"ssl":145},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-22","alert":"Detects file containing Telegram Bot API","trigger":"claimallocation.finance/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript 
code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"www.exodus.com/brand/img/logo.svg","fqdn":"www.exodus.com","domain":"exodus.com","tld":"com"},"ip":{"addr":"104.18.36.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimallocation.finance/","date":"2026-05-22T06:28:07.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exodus.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 06:01:30 GMT","end":"Sun, 16 Aug 2026 07:01:22 GMT"},"fingerprint":{"sha1":"66:0E:B0:CB:AC:8A:82:17:98:75:EC:5E:B8:6C:41:38:1D:DF:37:9A","sha256":"91:1B:A7:F5:D0:D6:E5:AD:F0:DC:F8:87:5E:D2:0A:BE:3E:38:78:D7:8A:97:BF:59:D0:55:BE:39:E7:3F:B1:57"}}},"request":{"raw":"GET /brand/img/logo.svg HTTP/1.1\r\nHost: www.exodus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimallocation.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 22 May 2026 06:28:07 GMT\r\ncontent-type: image/svg+xml\r\nset-cookie: _cfuvid=Yqa0V82BTYhGcwsbzI8t7OSco8z0tcHf4lcJcn__Deo-1779431287.208416-1.0.1.1-dWF7bh0JWExYhOivvRhEN6E52rJAS0CP90Ftknqzedg; HttpOnly; SameSite=None; Secure; Path=/; Domain=exodus.com\r\ncf-cache-status: MISS\r\ncontent-security-policy: 
frame-ancestors 'self'\r\ncross-origin-opener-policy: same-origin\r\nfeature-policy: geolocation 'none'; camera 'none'; microphone 'none'; usb 'none'; payment 'none'\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: sameorigin\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9ff9c2490cd01a30-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2361,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics 
image","md5":"1a62c84f251c8d224483a78878e673df","sha1":"a89603b1b0c5c653a17f8a0c1fe2e64b4f879ec6","sha256":"f3aacd4a1ab60e14b1d638f144960a808a31bd8aae073d531bc7305639b30cd0","sha512":"3879b6e68a3ba13ced412130dbe388230d6d6e52ec40e02850aeb829992c11bcf99dcfdfc5d5e2f100b0ea284c63bd7e1695245f7f0351c4478bf8db41bfd0e5","ssdeep":"","tlshash":"0341cc3ef63aec17e714e6dcfd544439914b81f2c9c14221c2a1bf9a25159c21e2ebe7","first_seen":"2025-04-18T11:22:59.804264Z","last_seen":"2026-05-29T00:43:19.504012Z","times_seen":126,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":61,"dns":35,"connect":1,"send":0,"wait":94,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"upload.wikimedia.org/wikipedia/commons/1/17/Exodus_Wallet_Logo.png","fqdn":"upload.wikimedia.org","domain":"wikimedia.org","tld":"org"},"ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimallocation.finance/","date":"2026-05-22T06:28:07.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.wikimedia.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 05:51:37 GMT","end":"Sun, 12 Jul 2026 05:51:36 GMT"},"fingerprint":{"sha1":"62:23:EE:89:97:A6:C1:A5:65:7A:8F:23:C2:68:CA:70:93:B3:AA:FF","sha256":"5A:21:64:0C:22:9B:01:A0:D2:BC:CA:02:4F:E8:51:ED:BA:CC:51:27:0E:87:6A:6E:E6:0D:88:64:AB:D1:3F:30"}}},"request":{"raw":"GET /wikipedia/commons/1/17/Exodus_Wallet_Logo.png HTTP/1.1\r\nHost: upload.wikimedia.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimallocation.finance/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nx-object-meta-sha1base36: 6lwjqv4od1ugs30r1lmup5lqgu9ngne\r\nlast-modified: Tue, 19 Aug 2025 19:22:28 GMT\r\ncontent-length: 217595\r\ndate: Fri, 22 May 2026 06:23:46 GMT\r\nserver: envoy\r\netag: 94c7bf2251c5cc4a47bd6e3b94ac4d77\r\nage: 260\r\naccept-ranges: bytes\r\nx-cache: cp3076 hit, cp3076 hit/1\r\nx-cache-status: hit-front\r\nserver-timing: cache;desc=\"hit-front\", host;desc=\"cp3076\"\r\nstrict-transport-security: max-age=106384710; includeSubDomains; preload\r\nreport-to: { \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error\u0026schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\r\nnel: { \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\r\nx-client-ip: 91.90.42.154\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache\r\ntiming-allow-origin: *\r\nset-cookie: WMF-Uniq=5CYLiNj3Ezdv3fd5zVml2QNoAAAAAFvdQye0Ig-Hpfddcyw_4ok_h2sXke1mDE2B;Domain=upload.wikimedia.org;Path=/;HttpOnly;secure;SameSite=None;Expires=Sat, 22 May 2027 00:00:00 GMT\r\nx-request-id: 19f5d6fe-dd56-4c38-96db-871449fa5788\r\nx-analytics: \r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":217595,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"94c7bf2251c5cc4a47bd6e3b94ac4d77","sha1":"3892e2e05a52932e8dad2b1f1184912755b3150a","sha256":"b32834629c27175b87cc69730c0c76e43bbd398ac9726c1941eace1297a75a8b","sha512":"8a706f51a27f07513eedb2dcbafddfc78c7f5a59c9903361b93f52dd612c91ccaee87a27b9210fff1464a0da147a0e946f9c9f8ffabd88d0149b71a31777656f","ssdeep":"6144:AWKnhpI4iM7goB0HnzdPndmSs25A58uoH:chpI4F0oBwlndmHCz","tlshash":"0b2423048d3ab5dad11ee97ef722d9ad1cbdb8344c58b692a123e914101c9088bfbd5f","first_seen":"2024-03-16T22:33:34Z","last_seen":"2026-05-22T06:29:18.088665Z","times_seen":34,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":169,"dns":114,"connect":25,"send":0,"wait":41,"receive":71,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
