{"report_id":"5e96601e-1382-4b9f-9028-fabd3a65fb65","version":6,"status":"done","tags":[],"date":"2026-01-07T08:11:27Z","url":{"schema":"https","addr":"button.claims","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"172.67.147.171","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"button.claims/","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"title":"The Future of Bitcoin is Tailored | Button","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"button.claims","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"172.67.147.171","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-11T08:11:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":8,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-07T08:11:06Z","timestamp":1767773466,"ip_dst":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":37616,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI","source":"{\"timestamp\":\"2026-01-07T08:11:06.738996+0000\",\"flow_id\":1874096448743961,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.37\",\"src_port\":37616,\"dest_ip\":\"172.67.74.152\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2047703,\"rev\":1,\"signature\":\"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_22\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"External_IP_Lookup\"],\"updated_at\":[\"2023_08_22\"]}},\"tls\":{\"sni\":\"api.ipify.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":915,\"bytes_toclient\":3511,\"start\":\"2026-01-07T08:11:06.731673+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-07T08:11:06Z","timestamp":1767773466,"ip_dst":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":37630,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI","source":"{\"timestamp\":\"2026-01-07T08:11:06.745491+0000\",\"flow_id\":2103617353558912,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.37\",\"src_port\":37630,\"dest_ip\":\"172.67.74.152\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2047703,\"rev\":1,\"signature\":\"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_22\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"External_IP_Lookup\"],\"updated_at\":[\"2023_08_22\"]}},\"tls\":{\"sni\":\"api.ipify.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":915,\"bytes_toclient\":3511,\"start\":\"2026-01-07T08:11:06.732032+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-07T08:11:06Z","timestamp":1767773466,"ip_dst":{"addr":"172.67.68.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56300,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Smart Chain Domain in TLS SNI (binance .llamarpc .com)","source":"{\"timestamp\":\"2026-01-07T08:11:06.775457+0000\",\"flow_id\":2230447737840859,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.37\",\"src_port\":56300,\"dest_ip\":\"172.67.68.151\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2058790,\"rev\":1,\"signature\":\"ET INFO Observed Smart Chain Domain in TLS SNI (binance .llamarpc .com)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_01_03\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\",\"TA_Abused_Service\"],\"updated_at\":[\"2025_01_03\"]}},\"tls\":{\"sni\":\"binance.llamarpc.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":922,\"bytes_toclient\":3522,\"start\":\"2026-01-07T08:11:06.763099+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-07T08:11:06Z","timestamp":1767773466,"ip_dst":{"addr":"172.67.68.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56314,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Smart Chain Domain in TLS SNI (binance .llamarpc .com)","source":"{\"timestamp\":\"2026-01-07T08:11:06.780829+0000\",\"flow_id\":1508369246103064,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.37\",\"src_port\":56314,\"dest_ip\":\"172.67.68.151\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2058790,\"rev\":1,\"signature\":\"ET INFO Observed Smart Chain Domain in TLS SNI (binance .llamarpc .com)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_01_03\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\",\"TA_Abused_Service\"],\"updated_at\":[\"2025_01_03\"]}},\"tls\":{\"sni\":\"binance.llamarpc.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":922,\"bytes_toclient\":3524,\"start\":\"2026-01-07T08:11:06.763416+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-07T08:11:06Z","timestamp":1767773466,"ip_dst":{"addr":"20.105.41.175","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Ireland","country_code":"IE"},"ip_src":{"addr":"Client IP","port":57464,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Smart Chain Domain in TLS SNI (1rpc .io)","source":"{\"timestamp\":\"2026-01-07T08:11:06.787034+0000\",\"flow_id\":1346096791747901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.37\",\"src_port\":57464,\"dest_ip\":\"20.105.41.175\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2058788,\"rev\":1,\"signature\":\"ET INFO Observed Smart Chain Domain in TLS SNI (1rpc .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_01_03\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\",\"TA_Abused_Service\"],\"updated_at\":[\"2025_01_03\"]}},\"tls\":{\"sni\":\"1rpc.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":1604,\"start\":\"2026-01-07T08:11:06.720189+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-07T08:11:06Z","timestamp":1767773466,"ip_dst":{"addr":"20.105.41.175","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Ireland","country_code":"IE"},"ip_src":{"addr":"Client IP","port":57468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Smart Chain Domain in TLS SNI (1rpc .io)","source":"{\"timestamp\":\"2026-01-07T08:11:06.823621+0000\",\"flow_id\":282862605211581,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.37\",\"src_port\":57468,\"dest_ip\":\"20.105.41.175\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2058788,\"rev\":1,\"signature\":\"ET INFO Observed Smart Chain Domain in TLS SNI (1rpc .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_01_03\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\",\"TA_Abused_Service\"],\"updated_at\":[\"2025_01_03\"]}},\"tls\":{\"sni\":\"1rpc.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3444,\"start\":\"2026-01-07T08:11:06.759741+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-07T08:11:07Z","timestamp":1767773467,"ip_dst":{"addr":"54.74.234.52","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"ip_src":{"addr":"Client IP","port":37846,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed3 .bnbchain .org)","source":"{\"timestamp\":\"2026-01-07T08:11:07.244601+0000\",\"flow_id\":929635287933691,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.37\",\"src_port\":37846,\"dest_ip\":\"54.74.234.52\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2058797,\"rev\":1,\"signature\":\"ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed3 .bnbchain .org)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_01_03\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\",\"TA_Abused_Service\"],\"updated_at\":[\"2025_01_03\"]}},\"tls\":{\"sni\":\"bsc-dataseed3.bnbchain.org\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"50a9e7b112931e541503e8a2499252b9\",\"string\":\"771,49199,0-11-65281-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":3168,\"start\":\"2026-01-07T08:11:07.172795+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-07T08:11:07Z","timestamp":1767773467,"ip_dst":{"addr":"54.74.234.52","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"ip_src":{"addr":"Client IP","port":37838,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed3 .bnbchain .org)","source":"{\"timestamp\":\"2026-01-07T08:11:07.249132+0000\",\"flow_id\":1099494802039407,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.37\",\"src_port\":37838,\"dest_ip\":\"54.74.234.52\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2058797,\"rev\":1,\"signature\":\"ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed3 .bnbchain .org)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_01_03\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\",\"TA_Abused_Service\"],\"updated_at\":[\"2025_01_03\"]}},\"tls\":{\"sni\":\"bsc-dataseed3.bnbchain.org\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"50a9e7b112931e541503e8a2499252b9\",\"string\":\"771,49199,0-11-65281-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":928,\"bytes_toclient\":3168,\"start\":\"2026-01-07T08:11:07.172655+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"bsc-dataseed3.bnbchain.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"button.claims","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-11T13:05:52.631851Z","last_seen":"2025-11-11T13:05:52.631851Z","alert_count":65,"request_count":22,"received_data":13739795,"sent_data":10141,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"PHP:8.4.16","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"1rpc.io","ip":{"addr":"20.105.41.175","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Ireland","country_code":"IE"},"domain_registered":"2022-08-02","domain_rank":47066,"first_seen":"2022-08-18T07:06:26Z","last_seen":"2026-01-07T07:56:09.910851Z","alert_count":0,"request_count":2,"received_data":5428,"sent_data":989,"comment":"","tags":null,"fingerprints":null},{"fqdn":"binance.llamarpc.com","ip":{"addr":"172.67.68.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-02-07","domain_rank":2101135,"first_seen":"2023-09-18T00:31:06Z","last_seen":"2026-01-02T18:16:07.527076Z","alert_count":0,"request_count":2,"received_data":7673,"sent_data":1009,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"bsc-dataseed3.bnbchain.org","ip":{"addr":"54.74.234.52","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2020-01-13","domain_rank":5059613,"first_seen":"2023-12-07T18:13:02Z","last_seen":"2026-01-07T00:19:23.431904Z","alert_count":2,"request_count":2,"received_data":7443,"sent_data":1021,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.prod.website-files.com","ip":{"addr":"104.18.160.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-01-23","domain_rank":20159,"first_seen":"2023-11-01T22:05:38Z","last_seen":"2026-01-05T03:47:56.659548Z","alert_count":0,"request_count":4,"received_data":1875429,"sent_data":2155,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-01-04T22:21:06.427471Z","alert_count":0,"request_count":2,"received_data":798861,"sent_data":896,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"api.ipify.org","ip":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-01-05","domain_rank":8166,"first_seen":"2014-10-06T12:38:43Z","last_seen":"2026-01-05T07:07:38.104736Z","alert_count":0,"request_count":2,"received_data":512,"sent_data":854,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-01-04T22:27:18.120727Z","alert_count":0,"request_count":1,"received_data":239257,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"button.claims/","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T22:12:46.893125Z","times_seen":212995,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d9c6de0df2bf028d93924aff92487904","sha1":"6596050516dd12af52d9b0e7b18ed837f1d81300","sha256":"769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc","sha512":"6be4940eec0dcd70efcf85eb21c5c7b827f4f3dfe2240a0de259ab5c9835f179ddb8a2ba6250c73516a5bf8c9dd4de3438a23cd2d162745faba9314a18fa1615","ssdeep":"1536:R8K6Znxmj9rlvCOhI64j7AtSPtNPU9ArHMLlk:RV6+jKOh4z","tlshash":"65535bc0629c5491a3b76480087f740b7073353b0a1d5aacf658faefacacad6907cd39","size":60819,"data":"","first_seen":"2023-11-02T21:20:28Z","last_seen":"2026-04-22T20:42:31.258414Z","times_seen":29641,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c79c0b97f1514d5d91246f1aabae5cb2","sha1":"1a469cd3a894c4e1b7c8454d6dce18e3f98b803b","sha256":"f12bd8f0aa6ce240a58420f8a1a579ea1012ce77de69049b1ad59ac498bbcb76","sha512":"e24d4d0ddabf42ee2adf183a9cea6d56778fac042ff586e3b790f3f15cc3318dc76d8779bf156c3f611cde724984739d717711f524cf7b88b90edd56732a49f4","ssdeep":"","tlshash":"14e02e286ea614f926b335d5cb1f7280e86000736081c802fd2cf68a0f80e1938b1fce","size":310,"data":"","first_seen":"2025-11-02T16:42:00.657688Z","last_seen":"2026-01-07T08:11:43.801068Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/d5a4599d-a02a-473c-8fd5-29ad5d31c9ef","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"535a87e237971453846adb12218f08c9","sha1":"d85a20ae3a853d576cd7d93adc5619dc1f8ee730","sha256":"6c6e490d2308cd90715d4e53240bd966fe32b46639f8ecb0af9e2600bc9cbaac","sha512":"4241153ffada2196fe22bb14a50c745433533e98f92db7a589b4ca667acbf97fec4c8a6aed4438aa7743307507cdc55471853c8cc8b6094ecc41bed8a3480a72","ssdeep":"24576:kW2yrK+cP7ykWIx49KVLnmeruJ/rA1qBN+JeqID8+IG+EVi/y+tQk75yxm:k+OdDyq","tlshash":"3a36b577c104de6489b1e3ab07b588d4c73cf6c0894da148f93d68d5ab8d9931cf6a2b","size":4893282,"data":"","first_seen":"2025-11-02T16:42:00.655332Z","last_seen":"2026-01-07T08:11:43.824513Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"84a633311838f46431962db1b7683db3","sha1":"8427f7933a11445d81f50d49bcfd7832e03731b9","sha256":"5b1d543798b69f76d4e3f1f543572f6dc7a868bc6ad0fa7dd079b04129845ff1","sha512":"7ee64067a391de8d1cdb8cb545e79ae6fcaf052d6ca762b2a4fba84e3650d6137f8d6beaa75e5a20f70034cebb4fc4d5f0242001d4a043efb2b54315b29532d1","ssdeep":"","tlshash":"48d097a82e96133823b32164c31f928037f08003a0e0f8023a1ce1c70fd1e1000bf4db","size":283,"data":"","first_seen":"2025-11-02T16:42:00.660684Z","last_seen":"2026-01-07T08:11:43.801899Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ethers.umd.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"268d19762594655239a29d058a7e8b44","sha1":"f06da2f7a68114b8dda38a0d782d65ddacc9c0e8","sha256":"95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618","sha512":"55e6b3e48536891a5ad0106b26525e4607c9ece0075ad5496535ef81d1fbb377dfb0b50286594c0aa0b405bf9e791c4696b674ea260813f4772ac7220ab82fdc","ssdeep":"12288:TfLmYQI/yjP+H8Xb29/nNUgE6te1R5WJW:TfCPalnNfE6taD","tlshash":"29f42b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","size":735973,"data":"","first_seen":"2023-03-07T12:58:29Z","last_seen":"2026-04-22T16:00:31.045906Z","times_seen":8407,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/57c6ee18-4faa-4387-a17f-e623e5e4cbcb","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"05997da4a9c3d58ef33a7cf3d716af57","sha1":"3a7a7913c31aa2787a11dc6ba6fb5b5f2c525ac1","sha256":"e268ded9f58238c3885b4e0e83ddf10ea9552c488dd25538c8569ec2beff7eb9","sha512":"83413571115e6b39abe7e3b6573a81b3198125b35ae13e31d14c7cb3c81790b24a11cd81531a58922386bbf6e2d41ab6e449fc3206c8b7f20932820cdf58aefe","ssdeep":"49152:D+2KKNjyR5WP4CQjNn9GU6lCLsSPOnLUfJ8KZTcbQQqG7r8aQO/iSJNHoRO2sxSQ:RD8ew45JV","tlshash":"20f591496bf660358213f0795e6f8801b234a40b2949ed5c7e9c92f09f4953c8bf6fe9","size":3517001,"data":"","first_seen":"2025-07-12T22:38:09.134446Z","last_seen":"2026-04-20T10:46:48.743198Z","times_seen":4165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/de1ec8be-9aec-4258-bde2-48a2a6bd49ab","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec26a722169cb2cef03353fcf8dd144a","sha1":"6eec6673abcde3d29547796a38361256d9efde1c","sha256":"01861fcd47bc63bb7be76c480bad4c6cc987c8996ab0e023a4e692b68c94b05c","sha512":"c885e5d94bd96fa4a573524356e0ca7398b1489f5a39fc1120cf7f4e469950630ad3e9f48dd0392acd36da390c27a4be1e81da943d1d9ecd48890d1691e416cf","ssdeep":"6144:Ufg7z90bnvLZqnWTI9esVTMuyEvtzXNglxQP92L:VzBe6kEdOxQoL","tlshash":"bf740980b261b07247da24e10477540af339e96c744a40acf6a8d8fb7dbd589957ff38","size":357754,"data":"","first_seen":"2025-07-12T22:38:09.13306Z","last_seen":"2026-04-20T10:46:48.744094Z","times_seen":5078,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"290f2693531b75e4376c03efb2e445ba","sha1":"b7d99187eb7703bdc3e0d91432b1e6108b57bca5","sha256":"b2464a6e184f8e48f9dd9b02483cf8f9a049eb5ddf47bc900d570fe387613ae6","sha512":"13b68e7b1f8f4e9278ab87f46f2f9d12a9c7a48351d18265afce4d59c501c11bc510195ba10aeaf6c5c17cfd996a9ce4c639c162752cf6ea4b026e5fd6875e4d","ssdeep":"","tlshash":"5fe0863935761574097b986fc74b934b7da2141b5001e8167d4c914b0fa4f1034e6599","size":350,"data":"","first_seen":"2025-03-07T16:16:50.325983Z","last_seen":"2026-04-14T17:11:19.611195Z","times_seen":209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T23:10:13.468945Z","times_seen":623641,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-22T23:09:57.257353Z","times_seen":310546,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"button.claims/68bae05408fd6e2f28e05b84_button.png","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://button.claims/","date":"2026-01-07T08:11:01.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68bae05408fd6e2f28e05b84_button.png HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 2347\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:16 GMT\r\netag: \"6907eaf0-92b\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6BMgk4zaTPUHJP%2B1hPtCXfTDKk%2Btg0hSgPd%2FffptHTlClonnXtla5o2lSjh6h4gd6cExAqxSFCPR%2B8BjT9LZBpPXzaBtpT2gh3jm\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb67edc25688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":2347,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"920ab4b6e9876bb83e7b0cc15dc87007","sha1":"59fc21c5960d8be423a152b8b3cd5d080da795ea","sha256":"c936d2886f93905312f36e9c92941151ccc77eb0c23f4441880fd27578b64443","sha512":"40b1e571cf87c643533ae05982e94cd31c2d721d25398e91fe1f7b2c096eb99183daa78a5a11adf903b97e4842c5f9c1ccba3d5d4c60073c9b5c7258a01f6813","ssdeep":"","tlshash":"ce412bbe6b80a74ac54c2fb101fb9200c5f1f85059c6696a79aecc174f813e251dface","first_seen":"2025-11-02T16:42:00.600248Z","last_seen":"2026-01-07T08:11:43.794595Z","times_seen":4,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68b8ce3f948e316dd7bbd571_68c42e982b30085ae8765e5b_button_bully-transcode.mp4","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://button.claims/","date":"2026-01-07T08:11:05.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68b8ce3f948e316dd7bbd571_68c42e982b30085ae8765e5b_button_bully-transcode.mp4 HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Wed, 07 Jan 2026 08:11:05 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 7991890\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:18 GMT\r\netag: \"6907eaf2-79f252\"\r\nx-powered-by: PleskLin\r\ncontent-range: bytes 0-7991889/7991890\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ewwSrV4GMYozGQS0eTH57KyBpIKIUIpCYSU4byg6bY28UQ6aseThIepxvtkQGZA%2BPLj90uzvoTx46gdeCz6YuV5haAoaF50c5c3S\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb7ce9645688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":434176,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"1b0d1e6752a0d1dfe2827fa70d82ef75","sha1":"26ceb876bef90de39157e8b8aad154d8d9fd0122","sha256":"662a42c75b1c10f01380dd92ebf63dba102e27bf80fefaa4dc3f2d96038b9f0c","sha512":"95c1060eff48a32da9e24172d22db1b190cb0e24e659224fe7671c22e62f605dee7a4255fb762236cd637775ba8814621e7e2cb6c96d416031d45ac0db43888f","ssdeep":"12288:TLcy7QfRecrlPk3w+BOvWoQihYMRhf3Pv3x:TYy7QReGkA+BO+HCYM3f3h","tlshash":"cb94225987a68d19d92b45386c9d27eb373ad341ab9fd34f4380927cfd6a20c1f4a702","first_seen":"2026-01-07T08:11:39.762823Z","last_seen":"2026-01-07T08:11:39.762823Z","times_seen":1,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":144,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/lenis.css","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /lenis.css HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: text/css\r\ncontent-length: 196\r\nserver: cloudflare\r\nx-accel-version: 0.01\r\nlast-modified: Sun, 02 Nov 2025 23:36:16 GMT\r\netag: \"146-642a5109c9c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-powered-by: PleskLin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cwOaabn3NWNnBEqzbOzDbMiP3V9rS3KHIX2RUPJNKtOoMhPCSx%2F3jgLm6FToxn%2B%2Fb%2BGi1BINCD8HrVC6BHXDpUMzs6brWYPLeRJi\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb602e7c5688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":326,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (325)","md5":"a3103726f660f10baecdbd1ce2c09370","sha1":"189d8e18430c1ac96929e4e5da240df0cb3216f8","sha256":"39017b276da179d72743a744f4e92bc00381b8c4f01fda7bc59666118d4374c4","sha512":"56b75a18a9b5d45ccf7cc81cb9527ff5b2d1ccd737b66353820a1fa4e889319440aed2752c363abcb3c6dcaaebd6b1cf56f8c640d073beb093b877a509f7d690","ssdeep":"","tlshash":"90e02623920c1c12ce4ac3160a83221f9a75c8c8bd72c92c7340eec5c89162a146aee2","first_seen":"2025-06-24T20:01:01.204618Z","last_seen":"2026-04-20T10:49:23.895236Z","times_seen":157,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68c456ef83716e76a7ef8730_img2.png","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68c456ef83716e76a7ef8730_img2.png HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 620768\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:18 GMT\r\netag: \"6907eaf2-978e0\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kuXSoL1A%2FmikN6sprrdbGM3UuLFgY2n2W4u1oTpJ7O5nAC5BsJyPoUqzvkEkXRt1IR0TjeHW%2Bo8MTG1b%2BWgarJojEo7kfQDruixI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb603e8a5688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":620768,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1118 x 746, 8-bit/color RGBA, non-interlaced","md5":"ec9998d374e8ea083e77b8e0cf2866d1","sha1":"f565658a75a20553ef4a73f1ddba3aacbebf874e","sha256":"26cef6c531070b460e17b1cdc23d96bcaf52ab56a5c566148d97c3e1714c052e","sha512":"0d450ce533b83a85e4650f20d3c5002af6262f64572cdede6d612a7b0b4fe0a3201266cae902ac0070dcb537cdf5f681ffaf692b531f125595ba1fd073170f23","ssdeep":"12288:H2wUVT5/J8Nh6m5S1VEoFNYt1ywTsYxR+xkNgS0cGPh/+zFGQ7cssT/f03HdS:iVpJ3m5S1ZLYOwTspmEhWpGQAsA/WdS","tlshash":"6ad4231faf2ac71ffad40cd1e745eb0e46f411a8b1764b1a1e762ac129de4ce4917c82","first_seen":"2025-11-02T16:42:00.608776Z","last_seen":"2026-01-07T08:11:43.759289Z","times_seen":4,"resource_available":false,"data":null}},"time_used":382,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":182,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68b8e50a067442ad74ffbd4c_bridges.avif","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68b8e50a067442ad74ffbd4c_bridges.avif HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: image/avif\r\ncontent-length: 611\r\nserver: cloudflare\r\nx-accel-version: 0.01\r\nlast-modified: Sun, 02 Nov 2025 23:36:16 GMT\r\netag: \"263-642a5109c9c00\"\r\naccept-ranges: bytes\r\nx-powered-by: PleskLin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3%2BjfvpADqcxWRxqYqqr6l%2FxTo8Q9Xv3m1PfzAS5kvCHJwWPZxhYqY6X%2B9D%2Ffu1%2BlnNSq%2FKA%2FlPgQ3BIg%2FTiDUL8OZj1wtdrLZLQc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb603e905688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":611,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"1ae847ad6ab8c4749c9e1c0d82127568","sha1":"863f763cb8ac7dcfd34a202fe1c8c45be0b07a87","sha256":"350ca9c04c39b4802feb460206508c11a1743b33811b132be6eb250fda6bd8a9","sha512":"32829b713ccc116ae87dd2212778ee487c8b3b53ec907f3fcceea4e6406ab06e142541b4bddc141d8fbd1bf37a941b68e1e4c04e754137c10aace0c273e5d9c7","ssdeep":"","tlshash":"73f020601b323a42c33c0731800d831a23a2a39911b5d6dbdec7bda0ec65db7de10c5c","first_seen":"2025-11-02T16:42:00.615315Z","last_seen":"2026-01-07T08:11:43.750959Z","times_seen":4,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/secureproxy?e=ping_proxy","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:06.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /secureproxy?e=ping_proxy HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://button.claims/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 07 Jan 2026 08:11:06 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 03 Nov 2025 22:31:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r6ctmf7719viESkOI%2B2dgCGhihZs1ToQixZ7KxpyH%2BYnyDt4YTipPFEdArzDYFpSVuGx13IHBb9Xwx7%2BTptLL6gKyIycxsS8MTAH\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9ba1fb86fa155688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a943672a32297727bab01c3e76977550","sha1":"3a667c4b7a457ef6c586cc581d533c128737bf53","sha256":"b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187","sha512":"0965d415f3a0cef31953702fdae345d46fefd72ce3c4c7a0255aede74a76e10b856892700529a444453a622793e0257248c5c99fae17d5b0b9fd4118e208068c","ssdeep":"","tlshash":"2e01bd0a08e0501bc0d3915169a0f22dc9c2f997aa5b180079ed91c6cfd5f89c9d35ac","first_seen":"2023-03-08T11:42:06Z","last_seen":"2026-04-22T21:01:45.121948Z","times_seen":35611,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1rpc.io/bnb","fqdn":"1rpc.io","domain":"1rpc.io","tld":"io"},"ip":{"addr":"20.105.41.175","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:06.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1rpc.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 08:54:00 GMT","end":"Sun, 29 Mar 2026 08:53:59 GMT"},"fingerprint":{"sha1":"9D:0E:E6:C9:38:9C:7B:0C:61:7B:89:17:23:FC:C5:CB:91:91:0F:86","sha256":"10:92:DD:CA:E9:3D:B3:E7:A5:9B:25:FD:AC:75:48:F4:91:3E:34:30:D0:69:39:B6:F6:6F:8B:07:48:E6:95:81"}}},"request":{"raw":"OPTIONS /bnb HTTP/1.1\r\nHost: 1rpc.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://button.claims/\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AutomataGeode/0.1.0\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: content-type\r\naccess-control-max-age: 86400\r\naccess-control-allow-credentials: true\r\nContent-Length: 0\r\nDate: Wed, 07 Jan 2026 08:11:06 GMT\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T23:09:24.873355Z","times_seen":14078528,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":76,"dns":1,"connect":32,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"binance.llamarpc.com/","fqdn":"binance.llamarpc.com","domain":"llamarpc.com","tld":"com"},"ip":{"addr":"172.67.68.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:06.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"llamarpc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 09:00:45 GMT","end":"Thu, 05 Mar 2026 10:00:42 GMT"},"fingerprint":{"sha1":"A4:DE:E6:20:F4:91:A2:13:85:86:BB:F0:94:24:8A:EA:35:6B:0E:1C","sha256":"FE:F1:96:78:8C:EB:8D:AC:D1:16:A1:55:93:1F:43:3D:7A:CA:B3:11:8F:7B:E4:7D:56:47:2A:65:91:55:45:28"}}},"request":{"raw":"OPTIONS / HTTP/1.1\r\nHost: binance.llamarpc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://button.claims/\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 07 Jan 2026 08:11:07 GMT\r\naccess-control-allow-headers: content-type\r\naccess-control-allow-methods: GET,POST,HEAD,PUT,DELETE,PATCH\r\naccess-control-allow-origin: *\r\nvary: Access-Control-Request-Method, Access-Control-Request-Headers, Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xiGY10ICpVYh8wVAfwIz9lsT7GQrDYsfncVHk8%2Bj5m1yvXjQZGYAu%2FZ%2F6wO7ayddpwfHh1nAw9Z064Vo95%2FovH0U4%2FTxUN%2BL2kI1x8sK6aSsue8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9ba1fb879fea723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T23:09:24.873355Z","times_seen":14078528,"resource_available":true,"data":null}},"time_used":597,"timings":{"blocked":69,"dns":35,"connect":1,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1rpc.io/bnb","fqdn":"1rpc.io","domain":"1rpc.io","tld":"io"},"ip":{"addr":"20.105.41.175","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:06.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1rpc.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 08:54:00 GMT","end":"Sun, 29 Mar 2026 08:53:59 GMT"},"fingerprint":{"sha1":"9D:0E:E6:C9:38:9C:7B:0C:61:7B:89:17:23:FC:C5:CB:91:91:0F:86","sha256":"10:92:DD:CA:E9:3D:B3:E7:A5:9B:25:FD:AC:75:48:F4:91:3E:34:30:D0:69:39:B6:F6:6F:8B:07:48:E6:95:81"}}},"request":{"raw":"POST /bnb HTTP/1.1\r\nHost: 1rpc.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://button.claims/\r\nContent-Type: application/json\r\nContent-Length: 136\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":136,"data":"{\"method\":\"eth_call\",\"params\":[{\"to\":\"0xd24aeC3254652B0ab565E41A945b491e98Bb5FFC\",\"data\":\"0x73d4a13a\"},\"latest\"],\"id\":1,\"jsonrpc\":\"2.0\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nDate: Wed, 07 Jan 2026 08:11:07 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4903,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"de9a73a1a5dae05a90d288aa0fa0f5ee","sha1":"36dae6ae5e5144371d9c123a13fbff7926c28b72","sha256":"ff1536d46de0319a8cb1eff2085d79c0df6983c4b809f5b255e2dfdf9775b6bc","sha512":"ba8288272049f23c9f595a3768604632fb22598fef29ead5a5eb91024acdf9eb2a8d7f74f3a1fa8e63d31efe087d119212e2c420f04ca158d99ef53cd95a49c6","ssdeep":"96:oigW53TB2SzrZYpTbDaOTkSO6mdSInccYGS9FzelVLC:r5TB2SzAT/7kSRRrze3m","tlshash":"45a179f0ee02c891f1be4768f2ddbe0461383726eedc5a4604b45a991ee5a51bd0dccd","first_seen":"2025-01-16T17:05:36.089407Z","last_seen":"2026-04-22T16:00:31.029972Z","times_seen":928,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":-1,"dns":21,"connect":29,"send":0,"wait":208,"receive":1,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"binance.llamarpc.com/","fqdn":"binance.llamarpc.com","domain":"llamarpc.com","tld":"com"},"ip":{"addr":"172.67.68.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:07.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"llamarpc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 09:00:45 GMT","end":"Thu, 05 Mar 2026 10:00:42 GMT"},"fingerprint":{"sha1":"A4:DE:E6:20:F4:91:A2:13:85:86:BB:F0:94:24:8A:EA:35:6B:0E:1C","sha256":"FE:F1:96:78:8C:EB:8D:AC:D1:16:A1:55:93:1F:43:3D:7A:CA:B3:11:8F:7B:E4:7D:56:47:2A:65:91:55:45:28"}}},"request":{"raw":"POST / HTTP/1.1\r\nHost: binance.llamarpc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://button.claims/\r\nContent-Type: application/json\r\nContent-Length: 136\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":136,"data":"{\"method\":\"eth_call\",\"params\":[{\"to\":\"0x158862Ec60B7934f1333e53AC1e148811A2E3BeB\",\"data\":\"0x53ed5143\"},\"latest\"],\"id\":1,\"jsonrpc\":\"2.0\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:07 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\nx-cache: false\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KS%2F%2FqCvRRs1JfdJy9r%2Fh%2FiNjEGhjWweEogpUcKnf34ujKivacHJlT6Ka6PjaZpoNnj0PARQ5e0Ani6CKdUUBYMmK9WLKONQx3fCNI5sFhSegpkE%3D\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9ba1fb8a994f723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6374,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fa3dbe9e7a67f351ee2d52c99850bf9c","sha1":"294cd26f4c0198841057707ed0b44b3cf616e5a8","sha256":"efe3b5e2a041edfb73e010d9c7b8321b7c075c78f0b5d972fe7783da8844f87b","sha512":"d46f4edc8d511404ba6bb32a1a375a1a1c66b24a11f072dbe332243df7b1489af0816a8506fb648a97dd28b0c5ceac714915bc46221ef78d12e9a8a5f1d51d45","ssdeep":"24:YUtXa257vaoWH3eGZsthXvUzZ5+hdex1qx1xxNU6xvQaNBtXX60jv:YKam3QytxvU15+doY1jNNTt9jv","tlshash":"52d108f098c98e50f19baa81b798bc9400213caf7fdf8f40415cf8b6a0f54a176a448f","first_seen":"2025-04-07T11:53:19.749574Z","last_seen":"2026-04-22T16:00:31.053937Z","times_seen":5240,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":210,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.prod.website-files.com/68b8ce3f948e316dd7bbd571/68c43eb4c519f4722b8e5456_btm-img.png","fqdn":"cdn.prod.website-files.com","domain":"website-files.com","tld":"com"},"ip":{"addr":"104.18.160.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://button.claims/","date":"2026-01-07T08:11:05.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prod.website-files.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Dec 2025 22:38:30 GMT","end":"Sun, 08 Mar 2026 23:38:26 GMT"},"fingerprint":{"sha1":"E1:F9:29:6C:56:57:15:B2:B3:5A:24:3E:50:03:94:B8:56:24:45:58","sha256":"D3:5A:81:E7:72:42:57:B7:FA:3C:C6:F7:CA:F5:06:4D:4C:20:11:11:40:37:24:F1:12:2C:AC:A4:5F:03:68:0B"}}},"request":{"raw":"GET /68b8ce3f948e316dd7bbd571/68c43eb4c519f4722b8e5456_btm-img.png HTTP/1.1\r\nHost: cdn.prod.website-files.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 1150557\r\ncf-ray: 9ba1fb7c7c5f1a30-OSL\r\nx-amz-id-2: 6wmm5cN6+FCpeJ7NvHFu+aS1/3KQU4wCXqbxHpM8Ehq+19Nny4udX61YaSAd8+od+nu6oB3IxEE=\r\nx-amz-request-id: GS2QATQWZQ0W09ZJ\r\nlast-modified: Fri, 12 Sep 2025 15:39:33 GMT\r\netag: \"0d2317bba4f9f7e4f42afbe9854dc4ae\"\r\nx-amz-storage-class: INTELLIGENT_TIERING\r\nx-amz-server-side-encryption: AES256\r\ncache-control: max-age=31536000, must-revalidate\r\nx-amz-version-id: WtcfgBBBNSlxKkcnSI7iMJlV0ht0ewV.\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1150557,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1440 x 732, 8-bit/color RGBA, non-interlaced","md5":"b6358d17d4f85ba0282b8188e40da472","sha1":"6e1c807187ec769acdb3c301634c3e4814b61f2d","sha256":"fbebb6cd5a197ba4e60816ff99e691931b6fa776598e06b1438681af05eac215","sha512":"4bd7308d45925b26dbb7c1ff6a0a93498ac530e0dce60eddd7afddfcd3e26f5cfa5e5dcaac8176abd4c690c81d756b8641e367dc6b4dd561de877dd0f2564de4","ssdeep":"24576:3grurQzKDNRNBk1o6QtBibJXGtz6REc0kyG:wKkkbBrEJ6s53","tlshash":"ed253313356f0accfb7794d85a2f074e793672b15f968ece4adc8c2821544a0a6d23f6","first_seen":"2025-11-02T16:42:00.648648Z","last_seen":"2026-01-07T08:11:43.760775Z","times_seen":4,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":82,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68b8e50a03000bbd58197037_interfaces.avif","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68b8e50a03000bbd58197037_interfaces.avif HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: image/avif\r\ncontent-length: 436\r\nserver: cloudflare\r\nx-accel-version: 0.01\r\nlast-modified: Sun, 02 Nov 2025 23:36:16 GMT\r\netag: \"1b4-642a5109c9c00\"\r\naccept-ranges: bytes\r\nx-powered-by: PleskLin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jSpYlqdheTG3GEFO0ou1vjOrgeeqnTNayaLQKFrPfkpNjjhoRZ13iZAh0w08qEhV7rX9YjXHQ%2FO1bcf4lMaz4XeskpD8Q20d92VW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb603e945688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":436,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"5dbc88865ccc46dda9e295570ca59c5a","sha1":"243a50c531f67f6a0fb9d8f61e8c65c2f3c0655b","sha256":"c7df27faf1559f15c4cf0c0828d92158d191b568cf3b37267b93b54ea75aa1fe","sha512":"423d2c68ac16c16f31973287f39b371782c0864e8836db0a61349e8ecb7b043df8b7ecfe7cb2fe1e6c29a8750d787da20951f72891d8e8fda4d8cc6b3b455b65","ssdeep":"","tlshash":"b3e068526a924c34e24c4378c82e433b7ba2e18c32705ac7e913f8281c79b729e21e14","first_seen":"2025-11-02T16:42:00.624914Z","last_seen":"2026-01-07T08:11:43.783727Z","times_seen":4,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/css.css","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /css.css HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:16 GMT\r\netag: W/\"6907eaf0-db2\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2l5bZtTwLCNanJs5Pi0r3NF56FgTXzz1KEBDTqFa%2BS6zBfANsG9flME0wRaxmQ4psc0eZLJ9wl%2FoOksuNo1nKEuqMXZigFQEhB9r\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb601e785688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":3506,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"a69b1105f0a7a17f6a7a3428f0e93b0d","sha1":"aa2d4723a4ad98d71761cd61cca654b248d0d212","sha256":"d7d670db410304d9ab28ed6ea86faf3d5a36ad5e9db539a31276bb247eb0b6e4","sha512":"3a3df4a67bfa8e01005f34c78fbf42d9aec3ed98633f19684de50445df851b59c9fa683d5884dc2b463d096f0ee7d8757a91fa776c891aed01da1867bbbfa941","ssdeep":"","tlshash":"b8715890042a9400a7832cd673cf3e325d9db188b086d9356ffe1859acdad7663a1b4e","first_seen":"2025-11-02T16:42:00.652821Z","last_seen":"2026-01-07T08:11:43.744317Z","times_seen":4,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/swiper-bundle.min.css","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.530Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /swiper-bundle.min.css HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:16 GMT\r\netag: W/\"6907eaf0-3f65\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hFCP8u9TAJLHPKX3QmLkPV%2B94NFvFpJZrpnVXBjDq2t%2BdTI2AYEkXqw6ISx%2F11WITUNOhIt6u3DBMRcoc8MdUtFI%2BvycqmzH1fKQ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb602e795688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16229,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (15974)","md5":"457f33e5446d430c577bb43f3adb6309","sha1":"6a4e9fb7844c1ef16b441e62326c3aad6bb983ae","sha256":"00d703073be3fc405f199aee7ac39658bfb691afffb143912b02acc638e73645","sha512":"aa4443eaaa0913188837b159ecfc077cbbb0382f2d0d8bc2634cf35a562bc791af2f5d2f9bcd317e48eab913facc51e02d371c4844bfc083566d497d194c1382","ssdeep":"192:C4JTLdKSme+jeF474nQ7p/l2GZb0Q5RfufKDvAYfg5faeesedOJxbpPz+c3lttCd:C4JndKW+Sa0ni24tnWfz4eNi","tlshash":"d17223945350182753274f365bb1cbb9e67448c14fc389ae91c0ee48d7f6dba132f2a9","first_seen":"2025-08-05T21:10:49.108241Z","last_seen":"2026-03-20T10:11:17.249171Z","times_seen":11,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68c456efe59b41e9cc6c2bc5_img1.png","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68c456efe59b41e9cc6c2bc5_img1.png HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 586016\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:18 GMT\r\netag: \"6907eaf2-8f120\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8a5LFPiu0nZIY%2FCK1OLa%2F8%2FgIYDF%2BHXYbM85t21T27TrJ%2FE23yu0CfgTqeFF%2FsGRx24xEuFqow3cp22RqRcGSWPR4zKBvseNNM4L\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb602e855688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":586016,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1118 x 746, 8-bit/color RGBA, non-interlaced","md5":"6e51148f72bff2baed6026ef7aadd288","sha1":"c1c17719f4228e4de84223a076bc4e50434da999","sha256":"78275404631de547366020141ea7c49733657897bf5c1747b9a6e77e09dcd006","sha512":"596a3317b6e75a29940256a7b249bc48725e752656d7a9871a20a1071192b1021046cc614ef124abad66d3ef2b68031249e3585e230e6d65144379e6bd2fdc7d","ssdeep":"12288:GhQovWQ/R/tMF5ywftbm7zwvtMQRNHYDX8CdA4gcBoTWf0bDe7Mi:Geo+Q/R/SqSty7MCkHCMCO4vBz8m7Mi","tlshash":"51c423fa547fcfe29a99323b6174a0c5106a9185caac0e5b87230256e2741f3cd75ff8","first_seen":"2025-11-02T16:42:00.64359Z","last_seen":"2026-01-07T08:11:43.753852Z","times_seen":4,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":185,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68c456ef29710ef93be300cc_imag3.png","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68c456ef29710ef93be300cc_imag3.png HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 612276\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:18 GMT\r\netag: \"6907eaf2-957b4\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FfVlyz65dgaJuxKF6Bk%2BRGoJwlAAgPLyhGH2zOGrpB5KMulKUdQBAnrn%2FOUXHdzjXqZJBagLhOEGat558mB6GjKnQRL9NbqPylHO\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb603e8e5688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":612276,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1118 x 745, 8-bit/color RGBA, non-interlaced","md5":"efc9ca43788c64c483749b3f4a3e4dbb","sha1":"a969352271a567b8354e77ab0abbf5591c234208","sha256":"8d512de27f5e91667e0698511f2cd1ccb8442ce2bf6c3534acec65561caee166","sha512":"03d3c0a361ecf0f0cbb08b37e7a0e071b38506073e10a4b6a6a4cb46f04530e1f3ca6ec08a97febbf8ae04de95b840b9e8565672e4e9e7087d1ba1498c212499","ssdeep":"12288:OaHkLCS4eYXdsDGvcM2DjcMdERSu6f8BAdta2tBTKvaSecfezIR:OaH3ReIsDGEMqcMmRSuYlDT0aSTGz2","tlshash":"e1d4236e7d3a74558ffe33c40bd31aec95d08bae8e4a75045a2337a0642b81d8d8cf56","first_seen":"2025-11-02T16:42:00.599036Z","last_seen":"2026-01-07T08:11:43.791317Z","times_seen":4,"resource_available":false,"data":null}},"time_used":367,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":204,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68c8403965e49fa4f8329bb4_yiel.png","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68c8403965e49fa4f8329bb4_yiel.png HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 149582\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:18 GMT\r\netag: \"6907eaf2-2484e\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lQ220AvY93c7j79tltkQFYODVl5wJ68lYjOcQA8IoAKUC6lRdX5Ccj2C7ku8k2PLTg4nEdnBX%2BxNoSv6iT12Nmi2kgWJwXV11fpf\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb603e985688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":149582,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1033 x 581, 8-bit/color RGBA, non-interlaced","md5":"1cba331778694bee438b2f216b333730","sha1":"357fcccec432d475fb7680bea0cbf8f053ac36c2","sha256":"bbc34c2907e8935f32347118cfc00aa4e305d4b67ac1027c9b7a8cfb9d15728f","sha512":"259b5df052d76b2108142580e97c2e8beda0f51256b3ecf3263d8e81f2803537f7c92989108bdeeb319950bd7ae895b7769c0d23d29b64541a3a512c87e2bef0","ssdeep":"3072:QwCynHVXinblz8vzbPgMfFT5P0LRNbpXWHQlfaEDheTtjyHoKAoSh:Jn1Ih4fIM9KLRNbp+QlNoTt4oKAoE","tlshash":"a8e312c37ae4cebde7657a7113a3e0c6d23e0672c665c2334bd435014b7269a7eb58a0","first_seen":"2025-11-02T16:42:00.645869Z","last_seen":"2026-01-07T08:11:43.754836Z","times_seen":4,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":211,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: application/javascript\r\nexpires: Wed, 07 Jan 2026 08:59:00 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MsNVtZxyTuX5qgVenfr7iEJtAwnfBn4vTPOEZSZ5XVNgDZ%2FtDK24OMMbtnplU3AmygbWMqWphoQkHYw3WhFPVK9%2F2fN0QkSRxdfy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9ba1fb604e9b5688-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-22T23:09:57.257353Z","times_seen":310546,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.prod.website-files.com/68b8ce3f948e316dd7bbd571/68bae22d840e891ced26aeab_web.png","fqdn":"cdn.prod.website-files.com","domain":"website-files.com","tld":"com"},"ip":{"addr":"104.18.160.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://button.claims/","date":"2026-01-07T08:11:01.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prod.website-files.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Dec 2025 22:38:30 GMT","end":"Sun, 08 Mar 2026 23:38:26 GMT"},"fingerprint":{"sha1":"E1:F9:29:6C:56:57:15:B2:B3:5A:24:3E:50:03:94:B8:56:24:45:58","sha256":"D3:5A:81:E7:72:42:57:B7:FA:3C:C6:F7:CA:F5:06:4D:4C:20:11:11:40:37:24:F1:12:2C:AC:A4:5F:03:68:0B"}}},"request":{"raw":"GET /68b8ce3f948e316dd7bbd571/68bae22d840e891ced26aeab_web.png HTTP/1.1\r\nHost: cdn.prod.website-files.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 4242\r\ncf-ray: 9ba1fb680ac13181-OSL\r\nx-amz-id-2: 90M7XC6KxTQbHa6DIbTM53LkWdw/4InF/EDoIDqNala5nYKPqwW6pYXLQnk+Ibe52LKm7T1zk2k=\r\nx-amz-request-id: F9FW8G6TV1CK12T7\r\nlast-modified: Fri, 05 Sep 2025 13:14:22 GMT\r\netag: \"94ca519a1a6d90268ea2e05d60e28f39\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: max-age=31536000, must-revalidate\r\nx-amz-version-id: 0tj1RwmU334WF8MHhvpt0ZdIAR3IOPoB\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4242,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced","md5":"94ca519a1a6d90268ea2e05d60e28f39","sha1":"f114a553e5230e7754f7b0a7b7ffdee647b25292","sha256":"f769c5140afc10f0c89725a082f0dee65edce55b0ce89767d41ba672eb666f3d","sha512":"ae9c0628885de38d1bc234067c3da8e5b2505c9697e0aedfc85c61a8fdfe23a5ec8f464ac7eafd35b0fb3b33dd261eedcebd69e37caeb284474fbf5b2f0014a9","ssdeep":"96:1Suj9wwwwwwwwwwwwwwwwwwwwwwwwwKlG0BD6umUyPIs1z0I35YVgUBS1DsoPqmy:1SuhwwwwwwwwwwwwwwwwwwwwwwwwwKl3","tlshash":"5a9183c17d9aec7e06107c2168e419603b0946d5c3a323dd87c46bbde64bdedeec80a2","first_seen":"2025-11-02T16:42:00.617078Z","last_seen":"2026-01-07T08:11:43.75598Z","times_seen":4,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":83,"receive":1,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/react.js","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /react.js HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: text/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:44:46 GMT\r\netag: W/\"6907ecee-556d2f\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AIExwRqgVZuWXk9wC6ohuzMjtbG5%2F4fiLPrWpzdei2Hd68erdPVHTTT6Deq0zvNdbPF7xDlGsq%2BuVFoZ6e4xkKbbr3trLCA0B1ZA\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb602e805688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":5598511,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f06c7ffec5924c8fc81bb5793a910932","sha1":"3c47585e5cc421a1a691b74511143452f551d7ee","sha256":"dd7d3b4e245e23869c096bf0825d346b183ef7dc29cb185692adea4b904faf82","sha512":"662c7d622d9c03fa3408eebd6d8a54d70416e16da21eae0f378dba4f1f94815f04e1b72cf0fe5b50e54a14d6d9557840ede4c46f17b18886c75ad991afd6d6cf","ssdeep":"24576:MBhSe34jXOSQXox7t321B4ziAhM6gHt/SgUFyAVT2i:MDSe3hvoFt321KFOH5SiwKi","tlshash":"4d2523708285f8a46a36c62df5dc388078c625bde3ce1992146db4f0e9773757cbb0a6","first_seen":"2025-11-02T16:42:00.629022Z","last_seen":"2026-01-07T08:11:43.77249Z","times_seen":4,"resource_available":false,"data":null}},"time_used":623,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":357,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68c84039793b2b8bc1669864_proto.png","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68c84039793b2b8bc1669864_proto.png HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 159209\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:18 GMT\r\netag: \"6907eaf2-26de9\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VZGNVZj02yX36qREqM%2BsFI8YehEAG1ZxtVUZ30QoZgu7HnhyqlbiYs9aXeQC4MORKhxuBOXxhayECVku8OdbUxFTKXqsa9BkhCru\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb603e975688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":159209,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1129 x 581, 8-bit/color RGBA, non-interlaced","md5":"e13d40909008ef4b3f2e2b8afa2206c5","sha1":"bdd30875638a4a6efcc35828410a9d7056ed12bd","sha256":"26940811ded2fff23bfe248387b2aaa4a797f32020487502ea9a561d5867f0e6","sha512":"0b91c6a6e06d6c0377af140106870c4d8674a0cb2738613d8aa8a30db18bf02516963a4c70dc8f506839e44a7f18d6a4953723c994a0768090cc34c193c6f1ed","ssdeep":"3072:Rh05kxLEEK7MVvfWW2PKRqwybcrw2pFDqW2kW7B3Y3NTuztEDbpJ:R64wJ7E+L2ybz23pWtoktEDv","tlshash":"27f3129633885901e19f5afa893aeb2c467d6b43f2339a53b398070584cd3dbf42cd56","first_seen":"2025-11-02T16:42:00.595726Z","last_seen":"2026-01-07T08:11:43.785299Z","times_seen":4,"resource_available":false,"data":null}},"time_used":318,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":94,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68b8ce3f948e316dd7bbd571_68c42e982b30085ae8765e5b_button_bully-poster-00001.jpg","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://button.claims/","date":"2026-01-07T08:11:05.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68b8ce3f948e316dd7bbd571_68c42e982b30085ae8765e5b_button_bully-poster-00001.jpg HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:05 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 39915\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:18 GMT\r\netag: \"6907eaf2-9beb\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5JsdVkAVKgOHXJHfVcSVA8Erv8F06DAEGnTf%2FISC54ylrjjc6aIBidiZfmRanx3AyP8PAqCbb4E7AEby6yCaZbkDknxIZil7Go7q\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb7c68985688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":39915,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 1280x720, components 3","md5":"7769a9629c443c9b6ce40b783c5c9b6f","sha1":"44fc074e9dc241be78f0e0b017e64217bae25730","sha256":"beb133fa8990bd6f17544d8fe3b94fa27b400e50a47bd280523f9fc8ebb06768","sha512":"730193f7f87936f4aadafa21c30fb5b40a84ec207077d96305a5eaef1eb2a846b3eb5693fe9ab811f09481695a4c117fc77ec0864ea98c007c193f42b663df95","ssdeep":"768:XF2FU+XSjIq4lpLtNZ0nvrXNjIP8sGXIb16BFBGJrxV5VyAe7hg5D:XuXhzpLun5jW0IEBFBwx/mhg5D","tlshash":"d503f1242e065c2548135a1c8ecf03694561bbcc7efa96d05bdc8d9adb9dad107e738c","first_seen":"2025-11-02T16:42:00.610472Z","last_seen":"2026-01-07T08:11:43.797559Z","times_seen":4,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":186,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.prod.website-files.com/68b8ce3f948e316dd7bbd571/68c4387a200eadf8bd745e5c_ABCArizonaSansVariable-Trial.ttf","fqdn":"cdn.prod.website-files.com","domain":"website-files.com","tld":"com"},"ip":{"addr":"104.18.160.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://button.claims/","date":"2026-01-07T08:11:05.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prod.website-files.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Dec 2025 22:38:30 GMT","end":"Sun, 08 Mar 2026 23:38:26 GMT"},"fingerprint":{"sha1":"E1:F9:29:6C:56:57:15:B2:B3:5A:24:3E:50:03:94:B8:56:24:45:58","sha256":"D3:5A:81:E7:72:42:57:B7:FA:3C:C6:F7:CA:F5:06:4D:4C:20:11:11:40:37:24:F1:12:2C:AC:A4:5F:03:68:0B"}}},"request":{"raw":"GET /68b8ce3f948e316dd7bbd571/68c4387a200eadf8bd745e5c_ABCArizonaSansVariable-Trial.ttf HTTP/1.1\r\nHost: cdn.prod.website-files.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:05 GMT\r\ncontent-type: font/ttf\r\ncontent-encoding: br\r\nx-amz-id-2: 3qzPlO0RpmKvGwP0IemREc5eXAwEqaWmFpCLMMWzQkBUzXwfpvjLfhod3SZEpaNR+hui7pj1pU8=\r\nx-amz-request-id: NCXAJF4BZMEG9BRH\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-max-age: 3000\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nlast-modified: Fri, 12 Sep 2025 15:12:59 GMT\r\netag: W/\"e5b65d0a66bf95bac7f4f390b99eaba8\"\r\nx-amz-storage-class: INTELLIGENT_TIERING\r\nx-amz-server-side-encryption: AES256\r\ncache-control: max-age=31536000, must-revalidate\r\nx-amz-version-id: 9O7WUP08vaNP.mB4rNFTVZ32SjYb3dDE\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\ncf-ray: 9ba1fb7c8c7f1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":569096,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, digitally signed, 18 tables, 1st \"DSIG\", 49 names, Macintosh, type 1 string, ABC Arizona Sans Variable Unlicensed TrialRegularABC Arizona Sans Variable Unlicensed Trial Regu","md5":"e5b65d0a66bf95bac7f4f390b99eaba8","sha1":"298b671307b28854c876e6a3361bb76541cf774f","sha256":"3e9ead80ec9e1debfaee99c511e085190c9fd2c205fe3fc2b07c5bbc11d1266b","sha512":"7d69b5e21d09ff6f5d5b89000015d5466e3ec01015a133fcadfa5200aef27c36fd34c3169c5e854bee520e84bb235d74464c81d8cd18a3269d8915b4be8320a9","ssdeep":"6144:xVZwJAvtD8eIkVlI4l4ZpxKOMFzWiQMjykztsvRVdwJnYs6YmR67aQvqELfuYz0/:DmAvVNVq9ZLiQeHdHLmY3u7b","tlshash":"e9c47d22f185e60ad40927358cb3db655e7abc087f37131735897b789abf3c19a29381","first_seen":"2025-11-02T16:42:00.612336Z","last_seen":"2026-01-07T08:11:43.773824Z","times_seen":4,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":112,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.prod.website-files.com/68b8ce3f948e316dd7bbd571/68b8d3f360fee8e996b76e24_ABCArizonaFlare-Regular-Trial.otf","fqdn":"cdn.prod.website-files.com","domain":"website-files.com","tld":"com"},"ip":{"addr":"104.18.160.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://button.claims/","date":"2026-01-07T08:11:05.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prod.website-files.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Dec 2025 22:38:30 GMT","end":"Sun, 08 Mar 2026 23:38:26 GMT"},"fingerprint":{"sha1":"E1:F9:29:6C:56:57:15:B2:B3:5A:24:3E:50:03:94:B8:56:24:45:58","sha256":"D3:5A:81:E7:72:42:57:B7:FA:3C:C6:F7:CA:F5:06:4D:4C:20:11:11:40:37:24:F1:12:2C:AC:A4:5F:03:68:0B"}}},"request":{"raw":"GET /68b8ce3f948e316dd7bbd571/68b8d3f360fee8e996b76e24_ABCArizonaFlare-Regular-Trial.otf HTTP/1.1\r\nHost: cdn.prod.website-files.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:05 GMT\r\ncontent-type: font/otf\r\ncontent-encoding: br\r\nx-amz-id-2: zClovckW16k1FKYbVLnTrV/YczLUcp3G0XQ3LuZKTEcNAm0ZhTftyDugRtDaGdjPWS1NXwZlRuw=\r\nx-amz-request-id: QNZ1XBGC5DJYDH2N\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-max-age: 3000\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nlast-modified: Wed, 03 Sep 2025 23:49:09 GMT\r\netag: W/\"8a8eb7422ca4a4c91704e0e7dcea4472\"\r\nx-amz-storage-class: INTELLIGENT_TIERING\r\nx-amz-server-side-encryption: AES256\r\ncache-control: max-age=31536000, must-revalidate\r\nx-amz-version-id: td7Q0ndYhxF_YFF2m5ffQoH88hF0DQV_\r\nage: 37150\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\ncf-ray: 9ba1fb7c8c891a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":148460,"size_decoded":0,"mime_type":"font/otf","magic":"OpenType font data","md5":"8a8eb7422ca4a4c91704e0e7dcea4472","sha1":"6ec4f74b342950969dc490ee511273f011a6bcfc","sha256":"4413485aeedcef06708f2404441d3663e4ad31eb7408d85189fab9bcc59a0ee4","sha512":"18c997616c04b727cfd29387a962ee5a4b3b339d46cae4d4446d62d37658d40876cf62e5dae4d0055ecc39d535cedbbf14660e51cf9414b217506eff96f5634d","ssdeep":"3072:ul+JJ3Tg0g/Pv1LlVuFqCbzuSSSSuG2uFunzrcr:ul43Tg0IVuFJbqSSSSuG25za","tlshash":"81e37da1b7859711c5229b3a9c63db302376fd0bafab8f5370719a481d875890f363c9","first_seen":"2025-11-02T16:42:00.65022Z","last_seen":"2026-01-07T08:11:43.775959Z","times_seen":4,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":64,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://button.claims/","date":"2026-01-07T08:11:06.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/crypto-js/4.2.0/crypto-js.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:06 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 19621\r\ncf-ray: 9ba1fb851c0e5693-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"65384d58-4ca5\"\r\nlast-modified: Tue, 24 Oct 2023 23:03:52 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 2882434\r\nexpires: Mon, 28 Dec 2026 08:11:06 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=mFZrq%2FDElPUCFaQwNfuycHTMPGVNXuGo0jVXeNlnXgHHlnf8qEYL1ik2ZVdBvxoRO%2FaG5SexBQLtiac6m9xs3zoExJlXJ6zjsQCYSoDkvYS16y2HyP4Zpx0Mr%2BGJecicM2X7q1dY\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60819,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (60819), with no line terminators","md5":"d9c6de0df2bf028d93924aff92487904","sha1":"6596050516dd12af52d9b0e7b18ed837f1d81300","sha256":"769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc","sha512":"6be4940eec0dcd70efcf85eb21c5c7b827f4f3dfe2240a0de259ab5c9835f179ddb8a2ba6250c73516a5bf8c9dd4de3438a23cd2d162745faba9314a18fa1615","ssdeep":"1536:R8K6Znxmj9rlvCOhI64j7AtSPtNPU9ArHMLlk:RV6+jKOh4z","tlshash":"65535bc0629c5491a3b76480087f740b7073353b0a1d5aacf658faefacacad6907cd39","first_seen":"2023-11-02T21:20:28Z","last_seen":"2026-04-22T20:42:31.258414Z","times_seen":29641,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":127,"dns":1,"connect":1,"send":0,"wait":15,"receive":1,"ssl":132},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/button-staging.webflow.shared.1f4a742e3.css","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /button-staging.webflow.shared.1f4a742e3.css HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:42:44 GMT\r\netag: W/\"6907ec74-ecf9\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EcqS8%2FkZs3KWyT0orlrXNCC2mgNWDO1d4ep1c4Q0%2FdFnOIFX9zWkReJjUP%2F%2FUbidrc2iyYAD2MPTrm19HY3AlVG7t7wQgW1I2TVL\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb601e745688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":60665,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"05120758886c5665c0406fbd5264fca3","sha1":"f32ae5b94d38ce4a19b466b97bdd20b3e6a0066e","sha256":"0c2b39889629a586868dc68ad3b42dc51d78843ce673c13bbf6e296e8ed5da62","sha512":"abc6507b58800d0d0cc6fc12cf13a52865116926249435c80778b854b5d8ac9f4daf52ed92b8c297e333c024911e66fb05651425b8723d82eb8893042d4a42d6","ssdeep":"1536:AysEeqyP0XcPyjowSjcLLsf+kk61rOfNM8ZvLs:VyP0XcPySpSLs","tlshash":"035375867bb816147c0f94a869d6e725732d5083920fcfa9bad0700ddfca2c56963f9c","first_seen":"2025-11-02T16:42:00.59433Z","last_seen":"2026-01-07T08:11:43.748917Z","times_seen":4,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68b8ce3f948e316dd7bbd571_68c42e982b30085ae8765e5b_button_bully-transcode.webm","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://button.claims/","date":"2026-01-07T08:11:05.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68b8ce3f948e316dd7bbd571_68c42e982b30085ae8765e5b_button_bully-transcode.webm HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Wed, 07 Jan 2026 08:11:05 GMT\r\ncontent-type: video/webm\r\ncontent-length: 5292065\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:18 GMT\r\netag: \"6907eaf2-50c021\"\r\nx-powered-by: PleskLin\r\ncontent-range: bytes 0-5292064/5292065\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JVjmFFaj1Oh06egChv0d0GxcR2vVHtxdWVbPZqkghfhSLNkr7DM5orzravndu8HRDtrwZ0hGoci%2B%2BVOBMlHCT8ax2oiR5hgeqRMG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb7f0b3b5688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5292065,"size_decoded":0,"mime_type":"video/webm","magic":"WebM","md5":"6dcd1772859a48cc82a7793491ce95b9","sha1":"c2256aa968f7246fb41dde161f98d509606aa6e3","sha256":"400647b97f4cd8c35085e1eb8637dbd50b90bce88405b4c21efa10fe1e2da49b","sha512":"4c3c90659ebc8d78b85e5937cc67c438879734eba0d65b6cfc959c82c3289b0c7ade38f2ee2ecd013273c66462f2ea9136c8732d7cdae4739ebafeb294874d9b","ssdeep":"24576:9vdZK79vlpQypi6a8cmEGzNpxqJvk/aH9BZ:w7pl6ypLa8cmr3qdk/aH9L","tlshash":"9c25333782edac83b15f8af70993c24b47b2ad68ad9b1d4685b14c1727c75222f4f0b1","first_seen":"2025-11-02T16:42:00.621189Z","last_seen":"2026-01-07T08:11:43.757833Z","times_seen":4,"resource_available":false,"data":null}},"time_used":970,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":135,"receive":835,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ethers.umd.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://button.claims/","date":"2026-01-07T08:11:06.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/ethers/5.6.9/ethers.umd.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:06 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 125841\r\ncf-ray: 9ba1fb85dcc0568b-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"62ad87d5-1eb91\"\r\nlast-modified: Sat, 18 Jun 2022 08:07:49 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1591394\r\nexpires: Mon, 28 Dec 2026 08:11:06 GMT\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=QES9Zd2m7GdixP7cWiXMwQ0qpnObVbUToRpHAMOTMeVkdPYnU4CqfD39ipG6Qnmysc4x27rW9f7j%2Frq9A79tZ4GYGb04jeRxcKO450DV%2BHG9Mi%2BggZ%2B%2F0bLbGBhtKIk8hL%2FdjFSs\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":735973,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"268d19762594655239a29d058a7e8b44","sha1":"f06da2f7a68114b8dda38a0d782d65ddacc9c0e8","sha256":"95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618","sha512":"55e6b3e48536891a5ad0106b26525e4607c9ece0075ad5496535ef81d1fbb377dfb0b50286594c0aa0b405bf9e791c4696b674ea260813f4772ac7220ab82fdc","ssdeep":"12288:TfLmYQI/yjP+H8Xb29/nNUgE6te1R5WJW:TfCPalnNfE6taD","tlshash":"29f42b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","first_seen":"2023-03-07T12:58:29Z","last_seen":"2026-04-22T16:00:31.045906Z","times_seen":8407,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.ipify.org/","fqdn":"api.ipify.org","domain":"ipify.org","tld":"org"},"ip":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:06.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipify.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 12:15:50 GMT","end":"Wed, 01 Apr 2026 13:15:39 GMT"},"fingerprint":{"sha1":"E8:04:3F:4D:91:E2:52:D3:E0:EA:F7:1A:C8:8C:94:50:7C:2E:FF:FF","sha256":"A1:8E:F1:BF:52:25:E4:EE:2D:91:8B:1E:0B:E7:A1:C3:B9:7D:DF:7D:D1:57:11:6A:14:CF:F2:A6:DF:D1:B0:18"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: api.ipify.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://button.claims/\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:06 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9ba1fb87687bb517-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"35b0bce9d250429df012c0426f88d0bd","sha1":"f81d80af9cbeb0011316fbba3da8002b32251f7a","sha256":"da9add592d7eb9cca7705cb4870d7fd4e9718ccd51486c4261a727a8d566960d","sha512":"32c9df1064e730e1a2358dae62aff741118007187d89510bfbdf93efaaa7356b71a570ea8c5d96bdc0b47155bbaa77df86b6847cc4d95d2d1b7fa2a1484a7144","ssdeep":"","tlshash":"dd600003000000000c00c00cc303030303c00003c30f0000ccc00f000c003300300000","first_seen":"2023-03-07T01:19:04Z","last_seen":"2026-04-22T19:50:56.863614Z","times_seen":25772,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":62,"dns":20,"connect":1,"send":0,"wait":113,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/secureproxy.php?e=ping_proxy","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:06.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /secureproxy.php?e=ping_proxy HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://button.claims/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:06 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 24\r\nserver: cloudflare\r\nx-powered-by: PHP/8.4.16, PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-max-age: 3600\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A%2B9h7nl9bUyGVpAvNp%2BLa5l2iq23LcJ9jEfAjt%2F0aocHdkYQhkfTcq5JUQPTAUdppZuBtFJ3qVMO4y5vRuiHb9qYLXL%2BLqcVgYmW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb878a975688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.4.16","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":4,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"6fdb087aa3fbfbcb8287a593a0919e61","sha1":"0e514a0662bcb69dc863953d1ce26e3d40e81a87","sha256":"9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2","sha512":"be5457d14c930b51b47ab152850c1ceaafe6ef88c8671b48164abbc83410b0c07a1e178540f6cdeac5f2672cadb1d1cbbb3434b3e39bc2c50c4646a2bae57437","ssdeep":"","tlshash":"fe300000300000000000000c0000000000000000000000000000000000300000000000","first_seen":"2023-04-12T09:14:15Z","last_seen":"2026-04-22T13:54:50.669618Z","times_seen":8433,"resource_available":true,"data":null}},"time_used":74,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bsc-dataseed3.bnbchain.org/","fqdn":"bsc-dataseed3.bnbchain.org","domain":"bnbchain.org","tld":"org"},"ip":{"addr":"54.74.234.52","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:07.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bnbchain.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 09 May 2025 00:00:00 GMT","end":"Mon, 08 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"60:A4:BE:0F:33:E9:DC:36:3B:B7:3C:5A:E4:42:EE:DE:F1:46:52:E4","sha256":"15:55:B7:24:9E:06:40:29:6B:D0:0D:FD:D2:2B:02:D8:1B:63:50:F2:26:B3:56:69:5D:9D:DF:3E:40:64:99:5E"}}},"request":{"raw":"OPTIONS / HTTP/1.1\r\nHost: bsc-dataseed3.bnbchain.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://button.claims/\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 07 Jan 2026 08:11:07 GMT\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: POST, GET, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 600\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T23:09:24.873355Z","times_seen":14078528,"resource_available":true,"data":null}},"time_used":743,"timings":{"blocked":352,"dns":50,"connect":34,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"bsc-dataseed3.bnbchain.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-07T08:11:00.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:45:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: PleskLin\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Tu0aZNunAgxDrG66wY7CC15AQ76RkGCBnC06lHW17Ede4hETQF1r506cvz%2FySswP6%2BHScke%2BpR4JYjrCLjuTuPRnT5wliM%2Fw0qeC\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9ba1fb5dce2a0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":143472,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2595)","md5":"eff9a8f442ad6ca226cd6d2dcd54dffd","sha1":"edcb93c6259405eb9c65ec36f81b9fc144ca17a4","sha256":"40e2accf7e0c19cf11a5e82142f7573eb50cbf6f7b63e6006fbe0b22c67919c1","sha512":"b31ba063db9b91476dab937718d01026041b1149312c9568a777d849bb295f3487dd8dde3aacf11aa3053873774003398ae68007ff84e2a5fac29bd04d7aeff1","ssdeep":"1536:Dk3lqk1luaK2fGliv8r8cAftVzALpzfahuqwqXRyo3iJ2:Wy2fGliv8kVULpzfahuqwqXRyo3ic","tlshash":"d0e3966e89f301416c079174aff7a7162634d143ca0bcda97fcc624acf8aad8995379c","first_seen":"2026-01-07T08:11:39.802735Z","last_seen":"2026-01-07T08:11:39.802735Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":42,"dns":27,"connect":1,"send":0,"wait":187,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.ipify.org/","fqdn":"api.ipify.org","domain":"ipify.org","tld":"org"},"ip":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:06.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipify.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 12:15:50 GMT","end":"Wed, 01 Apr 2026 13:15:39 GMT"},"fingerprint":{"sha1":"E8:04:3F:4D:91:E2:52:D3:E0:EA:F7:1A:C8:8C:94:50:7C:2E:FF:FF","sha256":"A1:8E:F1:BF:52:25:E4:EE:2D:91:8B:1E:0B:E7:A1:C3:B9:7D:DF:7D:D1:57:11:6A:14:CF:F2:A6:DF:D1:B0:18"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: api.ipify.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://button.claims/\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:06 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9ba1fb87889eb517-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"35b0bce9d250429df012c0426f88d0bd","sha1":"f81d80af9cbeb0011316fbba3da8002b32251f7a","sha256":"da9add592d7eb9cca7705cb4870d7fd4e9718ccd51486c4261a727a8d566960d","sha512":"32c9df1064e730e1a2358dae62aff741118007187d89510bfbdf93efaaa7356b71a570ea8c5d96bdc0b47155bbaa77df86b6847cc4d95d2d1b7fa2a1484a7144","ssdeep":"","tlshash":"dd600003000000000c00c00cc303030303c00003c30f0000ccc00f000c003300300000","first_seen":"2023-03-07T01:19:04Z","last_seen":"2026-04-22T19:50:56.863614Z","times_seen":25772,"resource_available":true,"data":null}},"time_used":282,"timings":{"blocked":72,"dns":14,"connect":1,"send":0,"wait":121,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/merkletreejs@latest/merkletree.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://button.claims/","date":"2026-01-07T08:11:07.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/merkletreejs@latest/merkletree.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.6.0\r\nx-jsd-version-type: version\r\netag: W/\"3a393-ow5VcB3yNddBHZ9Yv78eUVMKtdU\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 33359\r\ndate: Wed, 07 Jan 2026 08:11:07 GMT\r\nx-served-by: cache-fra-etou8220102-FRA, cache-hel1410024-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 54223\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":238483,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"67ce418e4d67b79b2e9d44050119f0d6","sha1":"a30e55701df235d7411d9f58bfbf1e51530ab5d5","sha256":"726fc8775a8aa08138293a5955dd14f9c2cb8b566f1c577f5d39c986bceab3a9","sha512":"827ddbae75068bcb5c45b95a5a33e8ef5f1f09cc8d5e580e17eb5370959970e8c0280d7edf8ed5e180390397c44ae8ff5861db566fa855bff17a52558a178956","ssdeep":"3072:6cBV39NAtLr/rq8orpLppLQ8CsPYx7F59U:6m9NAtvLYQVsQx7FLU","tlshash":"b7343bc63685a0a583da71a8043f990ff176e827404cd484e924f8f59cfce9956abf7c","first_seen":"2025-09-15T18:44:44.033997Z","last_seen":"2026-04-22T13:21:33.717642Z","times_seen":2037,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":69,"dns":1,"connect":29,"send":0,"wait":27,"receive":31,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bsc-dataseed3.bnbchain.org/","fqdn":"bsc-dataseed3.bnbchain.org","domain":"bnbchain.org","tld":"org"},"ip":{"addr":"54.74.234.52","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://button.claims/","date":"2026-01-07T08:11:07.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bnbchain.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 09 May 2025 00:00:00 GMT","end":"Mon, 08 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"60:A4:BE:0F:33:E9:DC:36:3B:B7:3C:5A:E4:42:EE:DE:F1:46:52:E4","sha256":"15:55:B7:24:9E:06:40:29:6B:D0:0D:FD:D2:2B:02:D8:1B:63:50:F2:26:B3:56:69:5D:9D:DF:3E:40:64:99:5E"}}},"request":{"raw":"POST / HTTP/1.1\r\nHost: bsc-dataseed3.bnbchain.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://button.claims/\r\nContent-Type: application/json\r\nContent-Length: 136\r\nOrigin: https://button.claims\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":136,"data":"{\"method\":\"eth_call\",\"params\":[{\"to\":\"0x158862Ec60B7934f1333e53AC1e148811A2E3BeB\",\"data\":\"0x53ed5143\"},\"latest\"],\"id\":1,\"jsonrpc\":\"2.0\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: POST, GET, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 600\r\nx-nr-trace-id: c0484ac8d93d456485be3821bc20b486\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6374,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"fa3dbe9e7a67f351ee2d52c99850bf9c","sha1":"294cd26f4c0198841057707ed0b44b3cf616e5a8","sha256":"efe3b5e2a041edfb73e010d9c7b8321b7c075c78f0b5d972fe7783da8844f87b","sha512":"d46f4edc8d511404ba6bb32a1a375a1a1c66b24a11f072dbe332243df7b1489af0816a8506fb648a97dd28b0c5ceac714915bc46221ef78d12e9a8a5f1d51d45","ssdeep":"24:YUtXa257vaoWH3eGZsthXvUzZ5+hdex1qx1xxNU6xvQaNBtXX60jv:YKam3QytxvU15+doY1jNNTt9jv","tlshash":"52d108f098c98e50f19baa81b798bc9400213caf7fdf8f40415cf8b6a0f54a176a448f","first_seen":"2025-04-07T11:53:19.749574Z","last_seen":"2026-04-22T16:00:31.053937Z","times_seen":5240,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"bsc-dataseed3.bnbchain.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68b8e50a532093dd8a8f27f8_permission.avif","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68b8e50a532093dd8a8f27f8_permission.avif HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: image/avif\r\ncontent-length: 547\r\nserver: cloudflare\r\nx-accel-version: 0.01\r\nlast-modified: Sun, 02 Nov 2025 23:36:16 GMT\r\netag: \"223-642a5109c9c00\"\r\naccept-ranges: bytes\r\nx-powered-by: PleskLin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=caqlXSjzxvpOxvFDHQO2rEQUNC2nEX%2BR57pGFy5kyKHtVM0c4AjuVF2HpBI%2Bzyy6oLH4WCj8wfaMxT%2Bspplb7NdI9pSxa52otaft\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb603e8f5688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":547,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"1c0e819c4bd66163c0e6e74520ee4157","sha1":"6765a8619dd1848cdb4f39f5f7115fe15b586973","sha256":"91b1b29de3d72a83d49c50a747b30238bd09d212e697239861897060c98c84cf","sha512":"f4d8328ace7cd36caef00e3c6eca539f56ff2b19eb85b4a18069c73623d899ea4e149c08b856ec35fbf0ba93e54d8e5441550394a3cfce2a5122401c072bd522","ssdeep":"","tlshash":"d0f09e26f6406c41d92c0338c5688b05273596ec36a46b177c45b168686a71ace35e48","first_seen":"2025-11-02T16:42:00.63067Z","last_seen":"2026-01-07T08:11:43.750014Z","times_seen":4,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"button.claims/68ba07323cdd79c5c4d164d4_headshot.avif","fqdn":"button.claims","domain":"button.claims","tld":"claims"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://button.claims/","date":"2026-01-07T08:11:00.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"button.claims","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 22:30:04 GMT","end":"Wed, 01 Apr 2026 23:28:33 GMT"},"fingerprint":{"sha1":"DB:8E:99:0E:7D:BF:2F:3D:99:CD:6C:41:B8:E7:7B:F9:72:F1:42:35","sha256":"3F:D5:C3:09:36:65:21:9C:B0:62:85:21:D8:9B:27:B7:0A:B6:F3:A9:96:B6:77:AE:91:63:C4:63:DC:F0:C5:84"}}},"request":{"raw":"GET /68ba07323cdd79c5c4d164d4_headshot.avif HTTP/1.1\r\nHost: button.claims\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://button.claims/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:00 GMT\r\ncontent-type: image/avif\r\ncontent-length: 1649\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 23:36:16 GMT\r\netag: \"6907eaf0-671\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DiA6RGIPQJLh8zdufEeNmcygFdWzhUBy9W5Lacz3ivcjogCyNDoVdSocdJHMRN6tIPjLMUd6g2bs3654Qha9J%2FoBZ8UVJwj6aace\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba1fb604e995688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":1649,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"fa06cd8838eae9ef4ba9fcb4b40d3ea6","sha1":"041691f057185ec67da5fdff2f9fc349f33678d0","sha256":"1ce15be5fed90b4b5f74798f5a90e8df622f8e2da680db747262a737cb46ef4c","sha512":"9dec02cbc1102d4eec6f2eb1cf983e367d96673ebb1b2dfee3f15a48197b033fe9267b32dbce665fabf2d316d887222949a2034acb41239dac7d678290524a48","ssdeep":"","tlshash":"d43107f0c68b530ac88e167058c8a637f09683b3e961f06b92c07633607e8892d24c25","first_seen":"2025-11-02T16:42:00.596682Z","last_seen":"2026-01-07T08:11:43.793432Z","times_seen":4,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"button.claims","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}