{"report_id":"715ecb33-8352-4e33-879f-d28c2d3c9951","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-05-12T11:07:22Z","url":{"schema":"http","addr":"trust.claim-events.xyz","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"104.21.71.46","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"trust.claim-events.xyz/","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"title":"TrustWallet Token Airdrop | Claim Your Rewards","dom":{"size":67041,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (21473)","md5":"6f823675790bfa1c7be53343808b337e","sha1":"5b156f9895ae44d0d0b57bb83b00699822ba015d","sha256":"0c04d5bcfde0207bb6d97d6f17fb15479d6a36429f0d08f587a930903a7bffb3","sha512":"dbff1c8ae6b6a039f681157892931b88f9dd32da86a1380b3340dbf2670dd9e674cb2ddcd5d1a3952fe6570893493a1cf2e22d37eb7b6f54833b4b2e9055c81f","ssdeep":"768:XMP523Rr/bhFQK0/bxmqU2nsSk07Q2BrY4BBuf5Fb++:2sBTlFQKufY4BB+5Fb++","tlshash":"a363d9b451a6213ab423d1e17be6c75f32b0c207ce5bc528b3ed52a08fcbdd99827549","dom_hash":"domhash49dcdbc1f68c3962e79aba8e15766e95","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"trust.claim-events.xyz","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"104.21.71.46","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-16T11:07:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":8}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/wallet-modal.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/images/crypto_com.png","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/images/1inch.png","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/images/blockchain_com.png","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/favicon.ico","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-10T22:20:44.526759Z","alert_count":0,"request_count":1,"received_data":10118,"sent_data":515,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"trust.claim-events.xyz","ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":74,"request_count":33,"received_data":336798,"sent_data":15178,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.251.143.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-05-10T22:17:57.86744Z","alert_count":0,"request_count":6,"received_data":206306,"sent_data":3324,"comment":"","tags":null,"fingerprints":null},{"fqdn":"explorer-api.walletconnect.com","ip":{"addr":"104.20.35.94","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-12-19","domain_rank":466611,"first_seen":"2022-10-10T18:16:28Z","last_seen":"2026-05-10T02:17:01.526758Z","alert_count":0,"request_count":3,"received_data":4545,"sent_data":1611,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"trust.claim-events.xyz/wallet-modal.js","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"md5":"ba500aa675164f423f158274c769f2d7","sha1":"794620fcd63a91cc3408e4b877d32a0d14cd441f","sha256":"8476bba5f46684f35332887a2504a91469cd4493a4384bba4c62d08aa1ccce9a","sha512":"b644e6d5e5c264a23ff479dc5825953b1b6b00a9d73874678800158174806c0aef642a2624806a9e676c83a70441bce51bedef90bda4dd78c1835cc1a3485840","size":47929,"token":"8572722254:AAGQf334V3tx6nSPZbGGkNyAf_N5can1IPU","is_revoked":false,"bot":{"token":"8572722254:AAGQf334V3tx6nSPZbGGkNyAf_N5can1IPU","user_id":"8572722254","username":"visitorend_bot","first_name":"Visitor result box","last_name":"","chat":{"chat_id":"-1003834766113","title":"Visitor result","type":"supergroup","bot_is":"administrator","total_users":2,"active_members":null,"admins":[{"user_id":8572722254,"username":"visitorend_bot","first_name":"Visitor result box","last_name":"","is_bot":true},{"user_id":7287156271,"username":"hifh2","first_name":"Ben crypt","last_name":"","is_bot":false}]},"pending_messages":1}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"trust.claim-events.xyz/wallet-modal.js","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba500aa675164f423f158274c769f2d7","sha1":"794620fcd63a91cc3408e4b877d32a0d14cd441f","sha256":"8476bba5f46684f35332887a2504a91469cd4493a4384bba4c62d08aa1ccce9a","sha512":"b644e6d5e5c264a23ff479dc5825953b1b6b00a9d73874678800158174806c0aef642a2624806a9e676c83a70441bce51bedef90bda4dd78c1835cc1a3485840","ssdeep":"768:y2foh39eMs0DMi2dcS1J7qXBnIB/Ele2DgZElKmOBr4V:y2foh39eMs0DMi2dJ1J7nt2DgowBrQ","tlshash":"2d23f971d642092c7063c1ae694642de35607013be1bae0c7b9c72698fceedf593a5bc","size":47929,"data":"","first_seen":"2026-05-12T11:07:30.172945Z","last_seen":"2026-05-12T11:07:32.002545Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/wallet-modal.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6b4e692109221745d3fa15ded090fceb","sha1":"dc6583630f8e3745041b10423988fc7eb2bc31da","sha256":"8a2543c9a1d4fe40734afa6bcabcee6e1780210f48841d0b603c963b6debf930","sha512":"c37c0ff1cc7f7ad6870bf616e9e850e75bfbdb305fff162a9daae8feb27b88222c5126489206097d6756063fa0b84e1786d65650f206e087c18fdf480ae79304","ssdeep":"","tlshash":"ae8174af21b73038592f627a678b625832755453704ac821fd6c87193fc0aacc7b2edd","size":4067,"data":"","first_seen":"2026-05-12T11:07:30.230151Z","last_seen":"2026-05-12T11:07:32.037396Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Syne:wght@400;600;700;800\u0026family=JetBrains+Mono:wght@400;500\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"25:C3:78:A0:E1:97:BA:8A:CE:43:FA:9C:BF:89:EF:DD:A3:CD:9C:40","sha256":"C1:18:7F:C1:92:8E:D0:83:CA:E8:62:DB:BE:FE:89:B2:84:13:70:FA:0E:40:65:D2:B6:8C:09:37:73:46:4D:4B"}}},"request":{"raw":"GET /css2?family=Syne:wght@400;600;700;800\u0026family=JetBrains+Mono:wght@400;500\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 12 May 2026 11:07:00 GMT\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9432,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"1d05a2847cbf5cb59ad4433a175a7263","sha1":"6305e04d7a5645b8aeafab74dd93a86c27bfe3b4","sha256":"47e4a94ccd10f67c49ba2a5d34948bb1fd8e62554c59e5e0f3f5fbd54989315e","sha512":"0f51ce8c0bc81d5322d3c4cd65a7819ef29be56cdb54d809f1f5fa7dd82abfe25dfd0842f5b6ac07ec6c497214db44a0cd8690c1153ec12ae969fc34226c482b","ssdeep":"192:uG+7p3ZAXYjG9Up3qnXffdeYMt0xdeCMt+CdexMt9rdeEMtIV:fOGCAmQQPVlSO","tlshash":"4e12dce1041b9404eb471cc673cebe35ad8e61166485d5badffe1c98acaac261330b4e","first_seen":"2026-03-16T09:05:52.946075Z","last_seen":"2026-05-12T11:07:32.03257Z","times_seen":7,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":102,"dns":0,"connect":8,"send":0,"wait":18,"receive":0,"ssl":97},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/wallet-modal.js","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /wallet-modal.js HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-bc17\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8qnCWbGM3iTFcXdAUzHzLifsXLeilspnjBHmmWWb2VbvC8ZQpAie7g5AS5%2Fs3L4e7L7v61wYyHcj4QdNdumhkm4E1AgMQx%2FV8PZs%2B3GbEB81OVF0r%2F4kQkOxO0jnimE4NXQGQ3IoxQ8m\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9fa8f50d5fa10b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48151,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1195)","md5":"ba500aa675164f423f158274c769f2d7","sha1":"794620fcd63a91cc3408e4b877d32a0d14cd441f","sha256":"8476bba5f46684f35332887a2504a91469cd4493a4384bba4c62d08aa1ccce9a","sha512":"b644e6d5e5c264a23ff479dc5825953b1b6b00a9d73874678800158174806c0aef642a2624806a9e676c83a70441bce51bedef90bda4dd78c1835cc1a3485840","ssdeep":"768:y2foh39eMs0DMi2dcS1J7qXBnIB/Ele2DgZElKmOBr4V:y2foh39eMs0DMi2dJ1J7nt2DgowBrQ","tlshash":"2d23f971d642092c7063c1ae694642de35607013be1bae0c7b9c72698fceedf593a5bc","first_seen":"2026-05-12T11:07:30.172945Z","last_seen":"2026-05-12T11:07:32.002545Z","times_seen":2,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/wallet-modal.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/jetbrainsmono/v24/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yKwBNntkaToggR7BYRbKPxDcwg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.143.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"99:99:69:B2:FC:B4:4F:EA:18:FB:04:4C:0F:8D:3E:40:61:B5:31:00","sha256":"55:6F:9F:9F:5C:FF:31:03:79:C7:88:2B:89:0C:1A:2F:DE:0B:7B:1A:91:6E:BD:C8:7D:60:EF:5A:D9:C7:51:26"}}},"request":{"raw":"GET /s/jetbrainsmono/v24/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yKwBNntkaToggR7BYRbKPxDcwg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trust.claim-events.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 31432\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 05 May 2026 18:23:36 GMT\r\nexpires: Wed, 05 May 2027 18:23:36 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 10 Sep 2025 16:52:37 GMT\r\ncontent-type: font/woff2\r\nage: 578604\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":31432,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 31432, version 1.0","md5":"b636a65da4f00129f08c7df6e5dd75ac","sha1":"4f27206c4b1caf8b7805597fcbc6922ff5805daa","sha256":"83c005d49d8a6a50474c73a5a36ac0468076e9c4a29da7bdb14995d80560a5be","sha512":"77ad92edddd5fc9ce47b8b329cf41b2fec895ea01a97b9122df3766163998fadcbe47c868631208636c4e587136ddd390d38e3e9da2743758c9da2c77a66f859","ssdeep":"768:a8+AGQwBrw24YHLKRG5lBF260n1e5vhjJKWWAD95I9Puggtx:B+AiBrw2fHL+GyvYtYADM9Pug0x","tlshash":"52e2f274ea41ca57676335ed4203e99d015fa318ebf6fd40869ccad2a506bcb7c4033a","first_seen":"2024-10-21T03:03:54.505463Z","last_seen":"2026-05-15T16:56:04.002062Z","times_seen":4992,"resource_available":false,"data":null}},"time_used":475,"timings":{"blocked":234,"dns":2,"connect":9,"send":0,"wait":8,"receive":2,"ssl":216},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/crypto_com.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/crypto_com.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PqKwlQOU8DxCTpHSVouNoGOItd5JZ9TNL3VOjrtla%2Bs9TXJmg8V%2FW%2FTSoWeE%2FzLa5peKnZOZx5fFV1QzPeYHMpkwfFFTlNdU46ejdISn8NFLpG2Ccj5w0AZ4FPloLdqfze1oGX%2FJxKET\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f4fc80b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30709,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (363)","md5":"dbb22cc9f3f9709cf827210e5ba17a9a","sha1":"f90891eeb2cf896a05c74697ebc1f633edec9065","sha256":"5207e3fe911120a16acc45996f8097b2dbed6af3210e771f950858549addf938","sha512":"38a08e568df1a1ba9e9bd8854f73335c7b1b13b0010c82a2b69eb855b01521c7abc83080eb9016f439f79709d974ae0d81b4128b65f0bf3f1470bdec671bc7e6","ssdeep":"384:qAMP523Rr0uDVhFBhFQ6xL0J2BCH4J4lpsLbB4:7MP523Rr/bhFQKLE2BCYLB4","tlshash":"52d2836a66f320266817a2b56bfb571e3764d003d50fc9783bec02888fc2ad9995374d","first_seen":"2026-05-12T11:07:30.177297Z","last_seen":"2026-05-12T11:07:32.009912Z","times_seen":2,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/images/crypto_com.png","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/enkrypt.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.471Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/enkrypt.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 3278\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-cce\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=993G%2BXxH6jj%2FGAnLc6u3fDGYuG4RO6Rt96Zx1FjrlydM40WF48plAKa9KapCJEwYaVZEvLWmhdEkr9e1tghmFUcL9NIiyt%2Fjk8lf05KmCLltU3D%2F3dT20h4a2Md2Ngy4WA%2BpdwoBP%2F%2Bc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f5fd30b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3278,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 310x163, components 3","md5":"aa4813f94e1e7222ee0ddf46a17d2490","sha1":"95b2f692ee356329737d8948d0b59c9926f805f7","sha256":"d79ae3970101726f52cd1160c839d9b5fc46df12856e1f4aa50a018d75226af9","sha512":"5cbdef66b52269bd4059345cbaa99134d512386ac7132d311f2e34bf80dab97b8d548e2b6a9845c3ca711fafab92c1d0f2fe543c63778e256c2ab04df01d137d","ssdeep":"","tlshash":"5f613b92fe05af51ceede3b20fb711e4d9d37902be08744206c8512f55f95aa6818d50","first_seen":"2026-05-12T11:07:30.180292Z","last_seen":"2026-05-12T11:07:32.017735Z","times_seen":2,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"explorer-api.walletconnect.com/v3/logo/lg/f96a8e15-9e3d-4bbb-b3d9-f8a7e9c02100?projectId=2f05ae7f1116030fde2d36508f472bfb","fqdn":"explorer-api.walletconnect.com","domain":"walletconnect.com","tld":"com"},"ip":{"addr":"104.20.35.94","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"walletconnect.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Apr 2026 19:35:08 GMT","end":"Sat, 04 Jul 2026 20:34:55 GMT"},"fingerprint":{"sha1":"29:D9:EC:AF:28:AB:86:B5:F5:38:A9:38:B4:CF:23:E6:E6:9C:63:04","sha256":"83:7C:8B:D4:F5:FB:85:02:A1:F8:37:D9:53:80:6B:8E:C0:ED:FA:F2:DE:40:56:27:B6:C1:31:C4:A7:8C:01:8D"}}},"request":{"raw":"GET /v3/logo/lg/f96a8e15-9e3d-4bbb-b3d9-f8a7e9c02100?projectId=2f05ae7f1116030fde2d36508f472bfb HTTP/1.1\r\nHost: explorer-api.walletconnect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300, s-maxage=300\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9fa8f5113e8a32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-15T16:20:34.691298Z","times_seen":15225314,"resource_available":true,"data":null}},"time_used":211,"timings":{"blocked":60,"dns":34,"connect":1,"send":0,"wait":86,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/math_wallet.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/math_wallet.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 4828\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-12dc\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zu52io9VUhvJIOEQxnMeyRw%2BBFKarpgYw6gZI3%2Fu5sYmFwKzgmMYlTxw7kPcFrD0gNNPzD4bd0IMe5TVxIraes8%2B2yprD3RT1rv%2Bo8rGC5bq0zTtFtxTgax8IHukHlUE6oGLOstInAq1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fc20b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4828,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3","md5":"547b68e3576786b00766452f90074d68","sha1":"02473cf900f31b3a5dbf99d16365ac8446593773","sha256":"6db11b52b11ad70d68f38a616d8597e53de9c3a8377b120dde99d8159cfacf32","sha512":"03b4769f545e4f776ef4870bbb1ff46f8b03a6eda38dfd16a558e7ca27eed2142c39ad9c724133699648d715d160bca1cd428bff864ffe6cb8995d53d8a973fd","ssdeep":"96:g4fFWFY+MRLrquT+sAyce4rDOdrW3CmTP/ySz2xjYjYL:RfFW2RiuT+sAyn4DOUSGNz2tyo","tlshash":"95a18efe8a24a409d82f1f77e24da1c0456af13c3356bd77b6d07794a800a87ec8cb81","first_seen":"2026-03-03T21:03:32.691536Z","last_seen":"2026-05-12T11:07:32.011891Z","times_seen":3,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/frontier.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/frontier.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 3589\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-e05\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iWEjCA9g4c6aJLjoN1zLAEQ%2FRngrjvtpsD741shwRiNgYpItAJUVV%2FO24sAGiChM6G6QzrYkRucocWIF8%2BrlvRNik2J9C47m%2FpXmvL8TmN8wfNnw2NqGFdT%2F4vhcS7Ec76RpMiKWXoAu\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f4fc50b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3589,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3","md5":"f77af7cee439607406b7d1f5d30d5762","sha1":"29d4c6101f5223e452dd390887bb4bd6c9b300dd","sha256":"d1a1111fcfc41aad72e795a35725af9a1e5e87ff95170d77c434252d150c3aad","sha512":"d71740de005b4896040dcca09d0a7e75feb8a2b2c6ccc230b92dfd7e32c2a28d3aea44fc88eade5f1c0fba093355bc941d2bb0bae1a31e770b80cd47687df9d9","ssdeep":"","tlshash":"af713ca68181682dd9cd3677b07386a79b0655a113f0594623ca816d44f19d87e31298","first_seen":"2026-05-12T11:07:30.187271Z","last_seen":"2026-05-12T11:07:32.004774Z","times_seen":2,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/walletconnect.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/walletconnect.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 6862\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-1ace\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TQZO0P7fy1HNqSFWbuVTeVs0anha4vI0vUJuO9ydM2%2FiwCsInQgpaaTNbZCWyCPqKsJHDenTKdFD98Odt1y3pyZeJegt5d%2B368pZ4rzkmUMujgArpGs6AJ%2B7Xjp2XL%2FHbr94KpdBOgN6\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f4fc60b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6862,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 224, 8-bit colormap, non-interlaced","md5":"e1542b3ae11c6c6cca42c88eb2153469","sha1":"ba21f904670cd833ba0d37ea4be848ef65013189","sha256":"443ae6fa612ee4d80159182796290fa515fe52578c1c30cc11546dd69e90a943","sha512":"ca737889f2874cd6b342a48d97824ff090af17943f6fba7f464dbf17b1491dbb57d19ab5500ed9b0bd1566d153705834511d50de32d6c5a1123e1f23996ec723","ssdeep":"192:sDjQZ034NdVH8UoH/twrgagLg0eAVpGO3iPZcM97:4c9lH8UgtwrK7BP3gx97","tlshash":"e5e17d85063ea270fdcd15f2c6fed836be9c5673ba5325ec80c6005966a57f341223a2","first_seen":"2026-05-12T11:07:30.189692Z","last_seen":"2026-05-12T11:07:32.001316Z","times_seen":2,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/uniswap.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/uniswap.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 8215\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-2017\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RQCQtKbippSLG242TEWpCz8zjD6cf0bOjeO9Nr3OUBgUDtwOTnLOW5O8ENAP%2BzFoa7sM8DJX065W4EMEYNSFYPOitxK%2FhypDeVmLArkYTiJ7HC5%2Fgaq09mMdA2LtqOkaabxyOYgWsfUX\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f4fc70b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8215,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3","md5":"10f29cacd2bb4f9fd67ec7a163c0c518","sha1":"f5771f3d7f7627e534a99663a714694428a4eec1","sha256":"61f4e17254876f425c01c608a42dc495b2f51d3254ae546d938e6fae89795439","sha512":"3bf3f83a17a0323504020f8eacc0866f838c3841c540ec50bf39cb5bbe02974275e1c8083f6d1982229c70868e9942ba642dbeda52832fc6f3c8a9bf51ef8c43","ssdeep":"192:8tZu8wo/zzq/m5G34nX4uqJ7jH7yoE3CHOHX1Rvd:8iP87QeX4uijHu33YO31RV","tlshash":"2f02af1adf018d90d0cbeb3872ca1642d24d2e35f5d2ffac093ae966958d4d7919dc40","first_seen":"2025-07-14T15:04:27.637942Z","last_seen":"2026-05-12T11:07:32.029945Z","times_seen":4,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/hyperpay.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/hyperpay.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 5220\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-1464\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kd%2BPuAHH71R0%2FJ7cI3h7vjppjMyCpUwIJ%2FmPS6bxRV9uUqt3CQVb%2BYYsHfB%2BPhjFS2gdGmZqMkXQEmuo0VMgrIeNb1ZRq%2BXTDYmbSWsxTW1oJRTeDuOMEhP5SDdJaXf%2BaXnZnRxPLk1q\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f8fd70b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5220,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 310x163, components 3","md5":"3d1f83e2a0a9b35fa426d2ec4878ea8b","sha1":"f221bf4bcc22007ea7d2c321e397bfb02f8a4c42","sha256":"15c69ae2686accb0e2c57f5b12d0f43b09c69866fb2d0992e52ab77a57784f13","sha512":"3a251794d8eeac044375c30a28c1cb75b821d23fd091cb440d62ed8a1fb306f2a5f4010bc7102a0c6c2576d14ef1d7a5ef813224ed4889c7c5cbc957dede871a","ssdeep":"96:KhcSDydgtt+vuHlck5fVlIXc0eVBJw6c3AfVoG:Kh+et6glcUIXt3wfP","tlshash":"27b15c2be704c85af376d97633fba9daf209260133b6402fe21e486864b49c215598b2","first_seen":"2026-05-12T11:07:30.195644Z","last_seen":"2026-05-12T11:07:32.030788Z","times_seen":2,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"explorer-api.walletconnect.com/v3/logo/lg/dce1ee99-403f-44a9-9f94-20de30616500?projectId=2f05ae7f1116030fde2d36508f472bfb","fqdn":"explorer-api.walletconnect.com","domain":"walletconnect.com","tld":"com"},"ip":{"addr":"104.20.35.94","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"walletconnect.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Apr 2026 19:35:08 GMT","end":"Sat, 04 Jul 2026 20:34:55 GMT"},"fingerprint":{"sha1":"29:D9:EC:AF:28:AB:86:B5:F5:38:A9:38:B4:CF:23:E6:E6:9C:63:04","sha256":"83:7C:8B:D4:F5:FB:85:02:A1:F8:37:D9:53:80:6B:8E:C0:ED:FA:F2:DE:40:56:27:B6:C1:31:C4:A7:8C:01:8D"}}},"request":{"raw":"GET /v3/logo/lg/dce1ee99-403f-44a9-9f94-20de30616500?projectId=2f05ae7f1116030fde2d36508f472bfb HTTP/1.1\r\nHost: explorer-api.walletconnect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3282\r\ncf-ray: 9fa8f5111e3732fa-OSL\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 34053\r\ncache-control: public, max-age=31536000, s-maxage=86400\r\netag: \"cfHqVfUrQiwHUI537imp8ULHpmfmDcyauXnchu_YTSDQ\"\r\nserver: cloudflare\r\nvary: Accept\r\nx-wc-r2-status: HIT\r\ncf-images: internal=ok/- q=0 n=394+0 c=1+3 v=2023.9.8 l=3282\r\ncontent-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'\r\nx-content-type-options: nosniff\r\nx-robots-tag: noindex\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3282,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"af62da67f636b75b5ad4ca9c2a33f4c0","sha1":"fb7418c1a63c0974c48d5e137fe4221ddbecf15e","sha256":"933ed48f41b1d04a43549bc4c39ddba2f3a2f2a72fe0e3fde2c75c25b3bc6878","sha512":"3a714effb03d8ec82d8cbebcb3aaa634fdfd4720450bfedfdf3c6942d46b2c178e0d3b802a18c4ca89cae453e8d495a9aca2e2f8e263b65beafd0d250cd27e8a","ssdeep":"","tlshash":"d2613b44e204346e5a7b2d7076c1bce3d98a2c89bb553d32182dba62c9c5c478e44c6e","first_seen":"2026-05-12T11:07:30.19793Z","last_seen":"2026-05-12T11:07:31.998084Z","times_seen":2,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":51,"dns":33,"connect":1,"send":0,"wait":47,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/metamask.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.316Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/metamask.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 3215\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-c8f\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mre0eMsae2oRo3oborHBuImytCAqeSCSc8vCL6BT8OBtKAr%2FY1foK13UHI0J1npW%2BZt3eBVkDcOLElXv5vNi7a69RDH3yKjafLqWM9QnN3RWtwmsnScFZBGbulT0Dokifo7SdOQ%2FUrTj\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50eefb00b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3215,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 163 x 148, 8-bit colormap, non-interlaced","md5":"71b2d307c667320661b0bab474c22ec7","sha1":"ad1d620518aac895974607282ba3a8ea59afcc46","sha256":"da9e599b77f4780d5621314b04151028687b4e58ebe6e977ba6767db5b771d67","sha512":"0512b419e099648434b6f13ac621d1d1892f1bedc68b0db5ab985c2ae7b0fa08f73a5d3ad449a06d1f05318c7eb071e2e57b12c766c48a32a4cf3e5e42275cdd","ssdeep":"","tlshash":"db616d41db34bdae8439a7c214be9074db41533eceb32c5472d59eaa70b09cb31e471a","first_seen":"2026-05-12T11:07:30.199877Z","last_seen":"2026-05-12T11:07:31.998867Z","times_seen":2,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/phantom.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/phantom.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 1879\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-757\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=31HYxgEBlaBNdcarlsVGXYQkEHZOYJ3DBqzjJcW5dQzyznew2B9DcsJrEQ1rbYsVi0hBzat5magd0lbwbpqIneMzepY4TRvDjgIziH%2Fm%2F%2FwrkkUM3Eslywdlfz3rPwIK8PorUoSnXGM3\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fba0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1879,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"01d6d68e8150fa53237f2c6341973a6f","sha1":"95c98bb17b7f65eeda1d2b340d1cacbd3f549b33","sha256":"7114c7e0b185e4cf1612864acf93e0ca562da6081ffca9869990656a648605fb","sha512":"35cd8c3a7ad5e77d93fab03728dc67a01ac2cbf35257a01ebd324630976edc1c9d771bc5871a41b307ffb27b7c81d5822c9314c383e1e6bf79cf91f19f38661c","ssdeep":"","tlshash":"2341f96fc5c91df58cf086132eb2610a7735574e0c325593a28a40369c2b53c92cb82e","first_seen":"2026-05-12T11:07:30.201449Z","last_seen":"2026-05-12T11:07:32.00008Z","times_seen":2,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/rainbow.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/rainbow.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 4976\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-1370\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JH1YGB0B5gZISeT3yvUXz4adrMvNEgbn80qmWC%2FeObyt4t2odsWRTB5wEvhgSCX3rQTN6ihFjRV%2BK3U24tJAZOv3jTKuOt8WEI0lPFTeiDIfDg43%2B7gDCn%2FBJloKE0c1C%2B43nGcLw7e%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fbc0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4976,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3","md5":"6a169687b67b18e27b6a408c407fbfbd","sha1":"ee21449630463c6d28cd629b7df7df872996b1d5","sha256":"74943ae5186408dd271b771ded972b29a90918a96850fde2982251d916729ee9","sha512":"411884885b9cc6f9754227d6eb6a3bb300aa4ea1b7c99804113f5e4eca3446cd6af94595689022e94489a7ff3d49108de7516d3e2793987f8164aeaa361d28bb","ssdeep":"96:KtqJoI+peDmxjhanxsD1+YNlop9zSmiih9Zb6RYiR++idS3:YWDY1hNWveVih9Zb8rR+4","tlshash":"a7a17e1105a8ef1bced98738d21a0f69efa329de06b858534551561287751f0d86cf60","first_seen":"2025-04-21T12:37:03.36648Z","last_seen":"2026-05-12T11:07:31.995961Z","times_seen":18,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":176,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/zerion.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/zerion.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 2988\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-bac\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8CI8COGm9sRicPgVufKlPMAio3Ou0AEdEJqbMBlGQEbHZR%2Fqdshhe2crN0X7o9C87lje2YWFC6%2BHwGN0YRVLSmmxmC0pIiJ8pyeihx06UDzi8WERaPT7T%2B2Iick1186wiwlMZOtLXJfE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fbd0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2988,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"4df96bffc32a0a9768573c0f6991c597","sha1":"b66002be9a94fabfec1d40d68346629172a17c75","sha256":"e6560af3648620fe64607d4b3dbf973ff8b2840a33993f367374214a6def2a44","sha512":"f458c04833010c43f05aaa03f69981047203add68d60c7de2501b16811411445b4e3984100fb6e51e0cae2d3a819cc343ab4fe3b71e70f3e08ecc442e084939f","ssdeep":"","tlshash":"7651295aae490299f4cde670ac36513df286d3a0e062189e4786064ca723cc5ce32410","first_seen":"2026-05-12T11:07:30.203753Z","last_seen":"2026-05-12T11:07:32.015804Z","times_seen":2,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/brave_wallet.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/brave_wallet.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 6143\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-17ff\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f7cd%2Fj%2FEGMQ9Fxfsqxq28piSJkZtq0xprB%2BT53M3ui6ztXNPlMCIyWNkewKGj5Y8mdDBDNLuFFbCTvAEXorOmyVe8Yf%2F4SE68BJ3WlNxoFQTOTjnKLCfCxfe9ffbYx%2BhQednfqH2AHVE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fc10b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6143,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 207 x 243, 8-bit colormap, non-interlaced","md5":"3a34a122920eb24c9a61b552a759663c","sha1":"0cd68945bebd3dfecf058a97a9b141cdb8506492","sha256":"330891967d2008fc3ab69379429db0196a6cd8889e01bc7181bab2f317cf4ee2","sha512":"c25f03eb9edbb7f80637ec4026a6ef92e754e568ae202d2d9ef4ac21087f7ce1facd08dcdba555cab2da1512f58bf46c798f49512e1eed40d3d4f6893476e688","ssdeep":"96:2lad7yAeVbrCWSpcPmdDrt8OcT95N0OfS60EOhbm5XdsLrER9xFV3hfgb8Pj7LNb:ztyAeVLSGPUy5ra60EUm5tsLrm9DBqi","tlshash":"efc18e4fd3d89af05951324767fae1ea65f40ff95c1513e20a9cbe913218cd77d10181","first_seen":"2025-08-10T04:13:59.776671Z","last_seen":"2026-05-12T11:07:32.036075Z","times_seen":12,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/1inch.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/1inch.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=km%2BrWmiCvzK0s8GDMU3lGiDUw1gMpO4P%2BEVWZT%2Flp4VFBIdM5cki3RlqCHPpyRNrX616ItmY7F%2BnJo%2B%2F%2Bnc2uCGsr327Av2eCK%2FU3YYv9LcLm5T5u1KJ7yp2sROlfTd6QVDyAV%2F7DhXx\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fc30b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30709,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (363)","md5":"dbb22cc9f3f9709cf827210e5ba17a9a","sha1":"f90891eeb2cf896a05c74697ebc1f633edec9065","sha256":"5207e3fe911120a16acc45996f8097b2dbed6af3210e771f950858549addf938","sha512":"38a08e568df1a1ba9e9bd8854f73335c7b1b13b0010c82a2b69eb855b01521c7abc83080eb9016f439f79709d974ae0d81b4128b65f0bf3f1470bdec671bc7e6","ssdeep":"384:qAMP523Rr0uDVhFBhFQ6xL0J2BCH4J4lpsLbB4:7MP523Rr/bhFQKLE2BCYLB4","tlshash":"52d2836a66f320266817a2b56bfb571e3764d003d50fc9783bec02888fc2ad9995374d","first_seen":"2026-05-12T11:07:30.177297Z","last_seen":"2026-05-12T11:07:32.009912Z","times_seen":2,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/images/1inch.png","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/coin98.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/coin98.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 3540\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-dd4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b8SUiIBj5%2BWMudmLZbZEXrZIB9QPD59dyuepqpZMYm%2FGlTEQgpmszC7q8P8Vun39GhsezGj65zXKuoSZiOd161o8BU5HzWiw6pZN2tJgSQs%2F1dGAOYK08sw6dW00GGe4f7On8ypPBEfj\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f4fca0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3540,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"b47c0ee7caa9fe6f1eb42b0a17a652f7","sha1":"470c56726d60f165496204ad5ad20b6f579330c2","sha256":"43bec87d168b20680c10cf3fc867fd214ac3495b4cbd3ff6383fcc8b7aa4b006","sha512":"26423f26cc666f6e0d8d513866aaec29877358ce35ebb9900b8fe57db80ffb3aab8a521013270d5888d3a123ef19a914d06c2316416cd19167a5595bfd7eaec2","ssdeep":"","tlshash":"e5717e46e39259d8d447c1428e52f1b096a77a7fc6d40453098e68fb122fbd48cf0db9","first_seen":"2026-03-01T20:13:51.938033Z","last_seen":"2026-05-12T11:07:32.017208Z","times_seen":3,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/blockchain_com.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/blockchain_com.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jyIAdSV8sL43ktzYlUYNzQpxVO2%2FABLEpLM%2BJ9Ha6R2%2BqOGhXIpTpZz6cRKXfUi8VgRgpmMU60ItqE5MEZNnk7n5dEd%2FBe446ZwV8lK3RyaCfT7jd9mId3DYA0ISiIJUNJAWWn8mEeb%2B\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f4fcf0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30709,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (363)","md5":"dbb22cc9f3f9709cf827210e5ba17a9a","sha1":"f90891eeb2cf896a05c74697ebc1f633edec9065","sha256":"5207e3fe911120a16acc45996f8097b2dbed6af3210e771f950858549addf938","sha512":"38a08e568df1a1ba9e9bd8854f73335c7b1b13b0010c82a2b69eb855b01521c7abc83080eb9016f439f79709d974ae0d81b4128b65f0bf3f1470bdec671bc7e6","ssdeep":"384:qAMP523Rr0uDVhFBhFQ6xL0J2BCH4J4lpsLbB4:7MP523Rr/bhFQKLE2BCYLB4","tlshash":"52d2836a66f320266817a2b56bfb571e3764d003d50fc9783bec02888fc2ad9995374d","first_seen":"2026-05-12T11:07:30.177297Z","last_seen":"2026-05-12T11:07:32.009912Z","times_seen":2,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/images/blockchain_com.png","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-12T11:06:59.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 12 May 2026 11:06:59 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N8gXMM%2F3Mzrje5m7y56SdFcKGkxE2LAXZJ5SIGgDzPPKFKNbLAQj7qE41cpMzsGC9ZdT2NMXOISvvDzMMTxRsUJw%2BR11UfVuCpX75LPS4x0Ez1cwGuOZvPdtJD9m9FGbGIW73ximRwuh\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9fa8f50afce256b1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30709,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (363)","md5":"dbb22cc9f3f9709cf827210e5ba17a9a","sha1":"f90891eeb2cf896a05c74697ebc1f633edec9065","sha256":"5207e3fe911120a16acc45996f8097b2dbed6af3210e771f950858549addf938","sha512":"38a08e568df1a1ba9e9bd8854f73335c7b1b13b0010c82a2b69eb855b01521c7abc83080eb9016f439f79709d974ae0d81b4128b65f0bf3f1470bdec671bc7e6","ssdeep":"384:qAMP523Rr0uDVhFBhFQ6xL0J2BCH4J4lpsLbB4:7MP523Rr/bhFQKLE2BCYLB4","tlshash":"52d2836a66f320266817a2b56bfb571e3764d003d50fc9783bec02888fc2ad9995374d","first_seen":"2026-05-12T11:07:30.177297Z","last_seen":"2026-05-12T11:07:32.009912Z","times_seen":2,"resource_available":true,"data":null}},"time_used":381,"timings":{"blocked":91,"dns":72,"connect":1,"send":0,"wait":199,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.143.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"99:99:69:B2:FC:B4:4F:EA:18:FB:04:4C:0F:8D:3E:40:61:B5:31:00","sha256":"55:6F:9F:9F:5C:FF:31:03:79:C7:88:2B:89:0C:1A:2F:DE:0B:7B:1A:91:6E:BD:C8:7D:60:EF:5A:D9:C7:51:26"}}},"request":{"raw":"GET /s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trust.claim-events.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34608\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 05 May 2026 18:20:10 GMT\r\nexpires: Wed, 05 May 2027 18:20:10 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 16 Sep 2025 13:27:50 GMT\r\ncontent-type: font/woff2\r\nage: 578810\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34608, version 1.0","md5":"559e8363d74f653c3f4f0a70caed2053","sha1":"0f50393efc7790d897e00024335d2c3398c13916","sha256":"68b623f0e45b905041b2edb9b2e4f563a505f13db1cd06b5f1946eb2e1f47048","sha512":"52fa63b0757b446e366b062b11b38fd9e81c5f752541b265d358d0e8a789eeb36bc322deb3e2719717401d91f9c3fa1f5cfb80a26ad9ae7451b068a88f3d5d3a","ssdeep":"768:VCLAKNFxbb9iPf3U0gTLKtAE54FB+6sfkxEpIX5yNz0zRjcUfgg:VCcgeHmTmL54F16a2aVpfB","tlshash":"d3f2f19ad9096d0dd938077603a230e6ec95197b3150f19e313a34231e7fae0a7dd6bc","first_seen":"2025-06-03T14:30:46.285622Z","last_seen":"2026-05-15T17:12:37.182923Z","times_seen":3021,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":98,"dns":1,"connect":8,"send":0,"wait":12,"receive":8,"ssl":87},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.143.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"99:99:69:B2:FC:B4:4F:EA:18:FB:04:4C:0F:8D:3E:40:61:B5:31:00","sha256":"55:6F:9F:9F:5C:FF:31:03:79:C7:88:2B:89:0C:1A:2F:DE:0B:7B:1A:91:6E:BD:C8:7D:60:EF:5A:D9:C7:51:26"}}},"request":{"raw":"GET /s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trust.claim-events.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34608\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 05 May 2026 18:20:10 GMT\r\nexpires: Wed, 05 May 2027 18:20:10 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 16 Sep 2025 13:27:50 GMT\r\ncontent-type: font/woff2\r\nage: 578810\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34608, version 1.0","md5":"559e8363d74f653c3f4f0a70caed2053","sha1":"0f50393efc7790d897e00024335d2c3398c13916","sha256":"68b623f0e45b905041b2edb9b2e4f563a505f13db1cd06b5f1946eb2e1f47048","sha512":"52fa63b0757b446e366b062b11b38fd9e81c5f752541b265d358d0e8a789eeb36bc322deb3e2719717401d91f9c3fa1f5cfb80a26ad9ae7451b068a88f3d5d3a","ssdeep":"768:VCLAKNFxbb9iPf3U0gTLKtAE54FB+6sfkxEpIX5yNz0zRjcUfgg:VCcgeHmTmL54F16a2aVpfB","tlshash":"d3f2f19ad9096d0dd938077603a230e6ec95197b3150f19e313a34231e7fae0a7dd6bc","first_seen":"2025-06-03T14:30:46.285622Z","last_seen":"2026-05-15T17:12:37.182923Z","times_seen":3021,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":161,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":142},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/safepal.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/safepal.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 1142\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-476\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6S2GChcv9c7Zrw6R6aWp11WroDiVbw2%2F%2B3HpsDkBEHMCeMXriaAphfffNkWR4LGzRoEmiElCZitMJcK3AVCVDQVMlOlJGTUZ5ZvrrHGd0QOzQNBuxSMxjGwWLADU%2Benxv6NlTwPNnVNo\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f1fb70b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1142,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"8b738aa920805e95c9ff691dbad743bb","sha1":"cc54c1d9b32929015a72ef99f261515250c981b1","sha256":"9496c7d3a519557febd16b5c86b710a94cd84a2c4fb04ad59473ffa69da301bf","sha512":"f0476328145889663ac918a0f0a538729536f8da18b7495e8f7ac055429b395558ced13e5ae91be7650e7b15e7d9abcee361d25669378ce6ced3975dedcebf64","ssdeep":"","tlshash":"af2167724a2ccf21dd939179c5906fa757ff033719e22254e1954d9e1408f0959e411a","first_seen":"2024-03-10T17:39:13Z","last_seen":"2026-05-12T11:07:32.028317Z","times_seen":102,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/ledger.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/ledger.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 886\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-376\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uyFsnMUiX8lAOTA%2BquhmWLQz1Nv53MjeSYHNIPM23eXiy9DU5oVN01MUKj0B1EBdvQETE%2FpRD3OXtPDOzZDl6byF02ygAdHRi2UH3ttQRIG3VYyLPfP0Y7IpxCVUAwm44NWsDR6yihzd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fbe0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":886,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"cfb1ce494d5eaa45bceb5ded5b835a2d","sha1":"c718c6342879ed54786b4f1d97096b57805774ae","sha256":"ff612e6bcb75b141d6b672f04339270738d51e512d7bea9aa01b806eefba06b6","sha512":"aa7b99d17245f8a1aa4a49d1bfd40a25f5be8f251fa7dc710bfcf052f8fb531de5d3fb635a4cfb47463222347541d5aee4e39b8e678bf6d803a14617475f8f2a","ssdeep":"","tlshash":"f21163f1a4753b2ad984cef24620a4b258483fca2bb273831bb1f7859aad3351844045","first_seen":"2025-06-24T09:52:16.956501Z","last_seen":"2026-05-12T11:07:32.008661Z","times_seen":8,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.143.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"99:99:69:B2:FC:B4:4F:EA:18:FB:04:4C:0F:8D:3E:40:61:B5:31:00","sha256":"55:6F:9F:9F:5C:FF:31:03:79:C7:88:2B:89:0C:1A:2F:DE:0B:7B:1A:91:6E:BD:C8:7D:60:EF:5A:D9:C7:51:26"}}},"request":{"raw":"GET /s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trust.claim-events.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34608\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 05 May 2026 18:20:10 GMT\r\nexpires: Wed, 05 May 2027 18:20:10 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 16 Sep 2025 13:27:50 GMT\r\ncontent-type: font/woff2\r\nage: 578810\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34608, version 1.0","md5":"559e8363d74f653c3f4f0a70caed2053","sha1":"0f50393efc7790d897e00024335d2c3398c13916","sha256":"68b623f0e45b905041b2edb9b2e4f563a505f13db1cd06b5f1946eb2e1f47048","sha512":"52fa63b0757b446e366b062b11b38fd9e81c5f752541b265d358d0e8a789eeb36bc322deb3e2719717401d91f9c3fa1f5cfb80a26ad9ae7451b068a88f3d5d3a","ssdeep":"768:VCLAKNFxbb9iPf3U0gTLKtAE54FB+6sfkxEpIX5yNz0zRjcUfgg:VCcgeHmTmL54F16a2aVpfB","tlshash":"d3f2f19ad9096d0dd938077603a230e6ec95197b3150f19e313a34231e7fae0a7dd6bc","first_seen":"2025-06-03T14:30:46.285622Z","last_seen":"2026-05-15T17:12:37.182923Z","times_seen":3021,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":79,"dns":4,"connect":8,"send":0,"wait":14,"receive":4,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/trust_wallet.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/trust_wallet.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 3471\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-d8f\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3zXrFTjjJmdLyhYR7ugt%2Bx9Gy1e6Sdd3%2BJeyRRIFxf6fJgTQYOiSrLZWBmWSf4xhwcmJQ00pPLW7PY38z867%2BQrtnsJeLMhnMnsFlPmuda42WRT%2B%2BZdFO6PnrGtS%2BIH2ZLCTK7Ly18Ct\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50effb10b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3471,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 148x148, components 3","md5":"dca1437a402a3fbbbc4656a0c96fa23d","sha1":"505458e768fb350ef6005f4d0b1108ced8205e7f","sha256":"79eb913fef8db85dd2df6f72e39f9c10588327a151f7f2fc53df72b799f2f1bf","sha512":"fdd5d8256e5a9b526cbbbeb07bc800e060ec60f7f6a72c0474876384a0bf1e90a070fca44d832238ac070f248fe4126dcc3c4b99ba9b98ffe81c1499d1b7985e","ssdeep":"","tlshash":"56614966ee4a1817ce0bbb3a11434945ed307003e5605b4e1c20c2e0b3e8969ae8b0eb","first_seen":"2026-05-12T11:07:30.210743Z","last_seen":"2026-05-12T11:07:32.033505Z","times_seen":2,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/coinbase_wallet.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/coinbase_wallet.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 2402\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-962\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pVCif1CB6ieOay%2BJqMUb3VK1uAqxe7PVOiKyMt7rG3IIL6SFFjj4bMe8mxixwfh97lHaTWATPqoULQhG7NdrUmivDXdThqEZQDGEvU2efBKVtEbnaGdle5%2FkeZvvk5KNn76KpLetJGSP\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50effb20b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2402,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 148, 8-bit colormap, non-interlaced","md5":"d3b74e20cb6e2db8d33c2d81475114ac","sha1":"7a0244fc0950a81149609ec02d0807690a4b54c8","sha256":"ccb3d74264b94e5bdecbc1867dddd012cf68eef7264e54a9ee964929d997ae93","sha512":"75343f338387dec9e60d55236e9a2b13aa7a5f4e8d29d400a766f12d803a1f140cf09bd67bede1018a3368f00bd3efb012987dcfcb0e6cc230114992bf072fd2","ssdeep":"","tlshash":"20410ad9d86d842566668a58d173197f7dbd6b71c0d900b02937882a42ad0ef8a82ea1","first_seen":"2026-05-12T11:07:30.212505Z","last_seen":"2026-05-12T11:07:32.010827Z","times_seen":2,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/binance_web3.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/binance_web3.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 9503\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-251f\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=23bwTcs6QOyCIBgD7IT2NWH4MShsnx1gYhoGr4cjOVx0bm65VQFb2A1DB3h3sUz0x60O8BTgF9x6vxUluuyA%2Fv49dpY%2BsOpymSFgQOBT0u90AAO9zADn5E1KmqsPQQ32FMoRbZ6UEF0q\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f1fb30b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9503,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 284x177, components 3","md5":"7d479d42212624a179f2c1d6331876c4","sha1":"02151b98b71a7fd89f30fb7233f5abacde321d7d","sha256":"d8885593a871d358c2d4535c212ebb4a8a1e34b347f99b50aa51a0eb7e669b2f","sha512":"122178cbed0ecccaf50bcbcb0c89d145e88ce9899a617a071400a608fde44dab0a0d3fa04fd383959be72104f9f314843d18578ef02d4559cac4a865b4a275a6","ssdeep":"192:GFDLYwZb8yFK1e8arwe0n73CtCTu1ITshANr1GMdr7ZrSOwzOt:avYWbHF5s7nGtLCTshANJGOr7ZF","tlshash":"fa12c026b3161560cc4487b1e12c1555c53a7569a3bee6cfe2345bc0ed7f34022bdaae","first_seen":"2026-05-12T11:07:30.213936Z","last_seen":"2026-05-12T11:07:32.01354Z","times_seen":2,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/tokenpocket.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/tokenpocket.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 1489\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-5d1\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LWmD4RW6r0ZroNvlcrLyhsXClrxMyz36zQ3T5KtwucaifGYZp2ghJiOP%2BaVFUjLDRgZlNh9f954H2PhotmTmGRBBPIhOXsNIsF%2BwnKf1CP89laaCqLn0s9So7zG%2BttZ2Ucp7o7VJOf62\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f2fb90b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1489,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"8f85c072392123c3c3ea858cc8dac9f4","sha1":"ac3b92520325f085cd76729d49d1e585aa5606c3","sha256":"1c50291eff6e4735e5b4448247fd34e0ba8b6882cd7532175e1d70c3f2d5be7a","sha512":"bf12cec57f384ba51780738e0e4b8cb3bfb184cef858072e5ae354f7ee9d02dfa45f1a7a620327fb66c312a8b20403f9e122b4f80659f5ae0ab9f6a3055e7115","ssdeep":"","tlshash":"e831e9cdb82a8e0fd8094d37dc846a7bdf6281c81069948362635dbce9a312e8d51906","first_seen":"2024-03-10T17:39:13Z","last_seen":"2026-05-12T11:07:32.00412Z","times_seen":11,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/exodus.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/exodus.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 5421\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-152d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zE1SdbUUEmgWKhp%2BFkUsD4ZxQjnDLbzyQNv1oj4vRXxGlLMKgRYFBjj5Kmip%2FUtNsnjiGekLMk67i0gfS0koyya4pLz5QP37yL%2FR4t0GwVGDPnf1IPClrNYLgwtbK62RMlRkXr61GV1R\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fbf0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5421,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3","md5":"30adcf922b6bdd585fd2f08a422c3a92","sha1":"4ea43247c799e2d0e73aa0813d63c0f6fbef1cf8","sha256":"7301b932c8dafe80425e6d0353a37d4cea55c279bb7317f9c80e4d19e6e97ed6","sha512":"51e8cc577d85320c8e33ab4493680b7850d1d1ddf693144a985b5fabc8f091af64901fc51fb5fed07ab714f4dbc284983b167a126326d35946adf15f1eaa7b80","ssdeep":"96:KzlTVHWAUCVScnEaHp2xogkud/kspZdeYHJLAfjjH1uM2uO:KHRPJseudN5ZLAf3VuM2uO","tlshash":"41b16c3f12a34956d028148a13a0ad4d43156fcbaf3c4f7634ae0194ebb1cc0b1d7793","first_seen":"2024-01-08T00:36:04Z","last_seen":"2026-05-12T11:07:32.009256Z","times_seen":53,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/imtoken.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/imtoken.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 5117\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-13fd\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DUTYJbojbD4GAma5L0uec0Pk5omitG2l0WQOMuDVHZVS8HAeMYVdELOqOa7yCkmjaBIudWR%2BytFBearOuQRmHgiugqfeR4O5VLwrwGnNUIiK3R%2BPKXpXPpRvkkjrOB3ef9YzWUHiW%2F%2F9\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fc00b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5117,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3","md5":"788613a9fa337f00e1534d6501a481da","sha1":"355aa2b95abf80f3847e7088f42d2eeda735a53e","sha256":"0884c1591485901b992ea7a32e54eb84399b394e33868ecf18fde4d5a67358ba","sha512":"550356103a737a45950334655974aa1e447b428594b6fbed4a6847ebd67dcbc1dc0cf62459152990fe1e2a67839515c2083290a1c0fd068d18edfa560a8583d8","ssdeep":"96:H0tjTuHnpdSPYYHxIYxBlMbiV5SXW4NXNHdz/1E1xTKlFQHQyqTBRXupA:H0yuPpbdMbO5SmcXvz/1Ejw2wyqTvupA","tlshash":"d4b15c9dfb0d9200cae7453148f91314e678be0eaf111c37aa14278a36ad6f740bda47","first_seen":"2025-06-11T06:58:41.846732Z","last_seen":"2026-05-12T11:07:32.000778Z","times_seen":44,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/argent.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/argent.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 1636\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-664\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3k8OXH0w9T0TkRB2HkgSzwdBJWa6SMyGhAPzTlY2tRwSxGWGCEOYYNMaHFFnPibAtlVMxjUU6JAwelgHvz9FPoJzRjvPBTUHIk7sLxJyYQVyUjEO2qhuu8BbxveRRD2M1mhrCwNKesXB\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fc40b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1636,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"9a646ee0b0682744d9ad6bd50c4b4f4c","sha1":"ad41dfeaa93236c8f8b500716cf5953a5b628087","sha256":"6ebb904704c5469d41d7aff0e70eaac8fef4c97b9248abe2c6fad3e11a09aa6b","sha512":"33574946764a2a034190b3a3a8c9913e551d1dd27ba80a1993f888b512bf0a8a7b3836151319abed584ce0196ebe24b9c7084ae8e45f448105cc9d9902ad83be","ssdeep":"","tlshash":"123107b5ca6c888cda884ff292ec34b4f7a4705a7468ff958dcb32c02174698a80196d","first_seen":"2024-11-04T16:16:28.009898Z","last_seen":"2026-05-12T11:07:32.016577Z","times_seen":6,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.143.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"99:99:69:B2:FC:B4:4F:EA:18:FB:04:4C:0F:8D:3E:40:61:B5:31:00","sha256":"55:6F:9F:9F:5C:FF:31:03:79:C7:88:2B:89:0C:1A:2F:DE:0B:7B:1A:91:6E:BD:C8:7D:60:EF:5A:D9:C7:51:26"}}},"request":{"raw":"GET /s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trust.claim-events.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34608\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 05 May 2026 18:20:10 GMT\r\nexpires: Wed, 05 May 2027 18:20:10 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 16 Sep 2025 13:27:50 GMT\r\ncontent-type: font/woff2\r\nage: 578810\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34608, version 1.0","md5":"559e8363d74f653c3f4f0a70caed2053","sha1":"0f50393efc7790d897e00024335d2c3398c13916","sha256":"68b623f0e45b905041b2edb9b2e4f563a505f13db1cd06b5f1946eb2e1f47048","sha512":"52fa63b0757b446e366b062b11b38fd9e81c5f752541b265d358d0e8a789eeb36bc322deb3e2719717401d91f9c3fa1f5cfb80a26ad9ae7451b068a88f3d5d3a","ssdeep":"768:VCLAKNFxbb9iPf3U0gTLKtAE54FB+6sfkxEpIX5yNz0zRjcUfgg:VCcgeHmTmL54F16a2aVpfB","tlshash":"d3f2f19ad9096d0dd938077603a230e6ec95197b3150f19e313a34231e7fae0a7dd6bc","first_seen":"2025-06-03T14:30:46.285622Z","last_seen":"2026-05-15T17:12:37.182923Z","times_seen":3021,"resource_available":false,"data":null}},"time_used":485,"timings":{"blocked":238,"dns":2,"connect":8,"send":0,"wait":10,"receive":1,"ssl":224},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/jetbrainsmono/v24/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yKwBNntkaToggR7BYRbKPxDcwg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.143.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"99:99:69:B2:FC:B4:4F:EA:18:FB:04:4C:0F:8D:3E:40:61:B5:31:00","sha256":"55:6F:9F:9F:5C:FF:31:03:79:C7:88:2B:89:0C:1A:2F:DE:0B:7B:1A:91:6E:BD:C8:7D:60:EF:5A:D9:C7:51:26"}}},"request":{"raw":"GET /s/jetbrainsmono/v24/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yKwBNntkaToggR7BYRbKPxDcwg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trust.claim-events.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 31432\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 05 May 2026 18:23:36 GMT\r\nexpires: Wed, 05 May 2027 18:23:36 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 10 Sep 2025 16:52:37 GMT\r\ncontent-type: font/woff2\r\nage: 578604\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":31432,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 31432, version 1.0","md5":"b636a65da4f00129f08c7df6e5dd75ac","sha1":"4f27206c4b1caf8b7805597fcbc6922ff5805daa","sha256":"83c005d49d8a6a50474c73a5a36ac0468076e9c4a29da7bdb14995d80560a5be","sha512":"77ad92edddd5fc9ce47b8b329cf41b2fec895ea01a97b9122df3766163998fadcbe47c868631208636c4e587136ddd390d38e3e9da2743758c9da2c77a66f859","ssdeep":"768:a8+AGQwBrw24YHLKRG5lBF260n1e5vhjJKWWAD95I9Puggtx:B+AiBrw2fHL+GyvYtYADM9Pug0x","tlshash":"52e2f274ea41ca57676335ed4203e99d015fa318ebf6fd40869ccad2a506bcb7c4033a","first_seen":"2024-10-21T03:03:54.505463Z","last_seen":"2026-05-15T16:56:04.002062Z","times_seen":4992,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":94,"dns":1,"connect":21,"send":0,"wait":13,"receive":3,"ssl":66},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/bybit_wallet.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/bybit_wallet.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 5502\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-157e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=G9zy5cQfXmSsDEL8cXnJLvlIFr6uuVcV%2F3UdgIVHVTlNWYtGnW0wn9tY6AT1QMdAG3vdAI3IrwbXr6HxmFGKIsM54Z%2BFIsl5pKabg7jWaURE%2BPTtK9%2FRfDmFulK%2BLDFPPKFyeCp0P1K8\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f4fce0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5502,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 224x224, components 3","md5":"3d033c3a529bfc1e5c51b76c60d03550","sha1":"58520a37e660f3e88462417e0571f467e84b73b1","sha256":"ee2f9ae8094bf51fa353bca10d870364a5dea52fa20e04b039c3b5665ffe23ef","sha512":"fd1ad6d225bba79031ebec5550763bea3306508f5094dda14e0a61c553fe8645dca44c522ab41cfb92427783a86b4f3435b83f17e110e36dce6e393cb7fa25fa","ssdeep":"96:WiYLFbGI/pDiTDBg+1SrmFGjg/M7qU/FBRXUt9zr+EveVC2Y:KZqI/piTDpKmFGUM/FBNg9CVCL","tlshash":"53b17ccab957a099a88d463e3e7584755825eef552758e17380c10e2c3b78accb19a34","first_seen":"2026-05-12T11:07:30.221694Z","last_seen":"2026-05-12T11:07:32.006555Z","times_seen":2,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/alpha_wallet.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.471Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/alpha_wallet.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 2889\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-b49\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6WICxIQuwwHEURfpKjy6Rrhe4xjLMVpYklN1n57zDgPMKDDYZJKVANmvz3Ktdlxm%2BNEdkiRg7egBkBbwApO7kEWIFfzmGL1lZeaAxbAC2Fqn4GdoxcGFg13HWqRpf5pAIxJSOetL8RGK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f5fd10b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2889,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"a4eb7674d18b2970afcdc9b2d82eb64f","sha1":"e388a3332013c017526f7e3fe831606e967ccec7","sha256":"fd52d6b6825e9f19dffc7713d8fefdb7aca7073b07468c4b9ac0216ed173fea7","sha512":"2297eee0affc3240bcd6f3708bcded8f2af53cd24ce866834a516daa988d055154102ff19f7fbe2d3210b27db52543da1c17027ea41d38c8d6a9bb2b21d47854","ssdeep":"","tlshash":"3c513babf0b1116449d20973b70a8254bba4e8f7a50c10ec121c9b2d4ca09beb6d142d","first_seen":"2025-04-21T12:37:03.357701Z","last_seen":"2026-05-12T11:07:32.007297Z","times_seen":4,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":176,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/favicon.ico","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9Lpq9d2%2Bxz001s%2BCRXpJz4nd38AmU%2FAaDZZTSGumjTrqScg69%2BJjb0SxjUAsOAYKVg5PRWHRGxlHpizashu8FMyxdo2NA00wCefUBBnn8Hy5QtvEQ%2BzP4i70DQxe6WhHVmHWGjudyHgI\"}]}\r\npriority: u=6,i=?0\r\ncf-ray: 9fa8f511c8060b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30709,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (363)","md5":"dbb22cc9f3f9709cf827210e5ba17a9a","sha1":"f90891eeb2cf896a05c74697ebc1f633edec9065","sha256":"5207e3fe911120a16acc45996f8097b2dbed6af3210e771f950858549addf938","sha512":"38a08e568df1a1ba9e9bd8854f73335c7b1b13b0010c82a2b69eb855b01521c7abc83080eb9016f439f79709d974ae0d81b4128b65f0bf3f1470bdec671bc7e6","ssdeep":"384:qAMP523Rr0uDVhFBhFQ6xL0J2BCH4J4lpsLbB4:7MP523Rr/bhFQKLE2BCYLB4","tlshash":"52d2836a66f320266817a2b56bfb571e3764d003d50fc9783bec02888fc2ad9995374d","first_seen":"2026-05-12T11:07:30.177297Z","last_seen":"2026-05-12T11:07:32.009912Z","times_seen":2,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-12","alert":"Detects file containing Telegram Bot API","trigger":"trust.claim-events.xyz/favicon.ico","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/bitget_wallet.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/bitget_wallet.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 1224\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-4c8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C778zA64oXJ7iJfJVsyV%2BIWkfFsR1142V01LZhDgRaYvb2TECknGzy8soAFgOZI8JRAlARlh%2BoLBsNUSBJciYu%2Bmg4xfC4ivOtGfOD7Gtd27RE5HtHMr%2Fs1tjuh9oIghHV9WT6PCmLcV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f4fc90b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1224,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"01a3cb080fa45e33e9477a8121390ae2","sha1":"4ba5e297d4df036687b42b773a4316326ad641ca","sha256":"bd022bb441e6cdac1303b3e8fbe7e14f393b6e5bc2e4c0d0be8176caf9bc64b8","sha512":"90b6b94d71ac71379934aac24b85508d41e39240f03fa7b31641219e09b9401a8c5f534e444938ca80e0f8eda0c39e06d7a308f7dd07b822d2b7f532da226df8","ssdeep":"","tlshash":"f321da93837ac878bc371219fd1943a17a42649d46ccfdfd99efc08f4a5992c904b517","first_seen":"2026-05-12T11:07:30.224998Z","last_seen":"2026-05-12T11:07:32.005608Z","times_seen":2,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/keystone.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/keystone.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 3193\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-c79\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gbMd%2BwdIM8%2BeyGD2UUSUstaKeQZZQoEQNZ0mROHQs0%2F0IdUWsrvyb8mhzFgntVAWDNBwdprUFIIu1565c%2BYA9e52Yu8GriJfP0FLqUeisplakW4om2Tc5kkiMJR3FWVdNHBvXKMlHR02\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f5fd40b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3193,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"77f73a92cb6f390681944e967e6d2d22","sha1":"f432ffe7fa2e2b534395248dc4591639ab0d0296","sha256":"37c9ad7f11611b364de86108ae7c4ff916c3dc83193d35febef7014238cefa43","sha512":"c3e4aede13a206cdf18dd9c5f41fd08d911f4ef48418210f2ef7111925d06ed7158cf77d5a4237e6a972ac4a5d517ea1a64c31b0f4ec84e1d75b48c47ce03470","ssdeep":"","tlshash":"1e614c334fcaa321e4248c3909af12346bc4f9d96df54a4b85447ad6a4438021c7abb4","first_seen":"2026-01-15T13:32:52.367018Z","last_seen":"2026-05-12T11:07:32.007928Z","times_seen":9,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"explorer-api.walletconnect.com/v3/logo/lg/2e4e4c20-4cd4-4c84-8e5c-45be0a3d4100?projectId=2f05ae7f1116030fde2d36508f472bfb","fqdn":"explorer-api.walletconnect.com","domain":"walletconnect.com","tld":"com"},"ip":{"addr":"104.20.35.94","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"walletconnect.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Apr 2026 19:35:08 GMT","end":"Sat, 04 Jul 2026 20:34:55 GMT"},"fingerprint":{"sha1":"29:D9:EC:AF:28:AB:86:B5:F5:38:A9:38:B4:CF:23:E6:E6:9C:63:04","sha256":"83:7C:8B:D4:F5:FB:85:02:A1:F8:37:D9:53:80:6B:8E:C0:ED:FA:F2:DE:40:56:27:B6:C1:31:C4:A7:8C:01:8D"}}},"request":{"raw":"GET /v3/logo/lg/2e4e4c20-4cd4-4c84-8e5c-45be0a3d4100?projectId=2f05ae7f1116030fde2d36508f472bfb HTTP/1.1\r\nHost: explorer-api.walletconnect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300, s-maxage=300\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9fa8f5112e6a32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-15T16:20:34.691298Z","times_seen":15225314,"resource_available":true,"data":null}},"time_used":204,"timings":{"blocked":55,"dns":33,"connect":6,"send":0,"wait":92,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/okx_wallet.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/okx_wallet.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 586\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-24a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eatQcYc4ID7FxcPayXVV8AUDxiv5lVAMYzOGLC68E4yXOMh9k3FvDV%2BX%2Fvo1cy2dA5YqpoJxuEq5CCd9x6po3rPo2r2%2Bwd2hdJ3s98F4lhC1%2FKBTsiKv1KzJ8Tm%2FNSUEQLIjKcTeUF7%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f2fb80b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":586,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"f8e47a5b3872e8163e1eb45114031af3","sha1":"7a7bb198652939f4294bf3004fac11d368310d11","sha256":"9d336fb280fcce5e3ab58eecde92f8640427d27ae422ac7e58037bbe887b097f","sha512":"eee8b4f230c0fe710ea317f50fcb6378f9d21275eb68c67986f89b92294f2319a8111101468f44a7e5f2d340d8425c47c53edec1661d36afca8be28ec848321b","ssdeep":"","tlshash":"5ef0269ff72e6861c427d2f4b38e91426562b3760952fe6d1cdec27c490d04064dd339","first_seen":"2025-03-14T15:52:05.54964Z","last_seen":"2026-05-12T11:07:32.014927Z","times_seen":13,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trust.claim-events.xyz/images/trezor.png","fqdn":"trust.claim-events.xyz","domain":"claim-events.xyz","tld":"xyz"},"ip":{"addr":"172.67.169.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trust.claim-events.xyz/","date":"2026-05-12T11:07:00.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-events.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 16:12:22 GMT","end":"Sat, 18 Jul 2026 16:12:21 GMT"},"fingerprint":{"sha1":"E7:6A:02:C9:DF:8B:30:78:38:FA:51:03:D8:77:F3:33:DB:51:FF:81","sha256":"08:2E:1E:37:E8:75:7A:EA:12:FD:57:7F:08:11:C8:06:97:3B:23:F7:C5:8A:D8:47:27:8D:4A:32:B7:A0:71:3F"}}},"request":{"raw":"GET /images/trezor.png HTTP/1.1\r\nHost: trust.claim-events.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trust.claim-events.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 12 May 2026 11:07:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 5064\r\ncast-mode: default\r\nlast-modified: Sun, 19 Apr 2026 17:14:41 GMT\r\netag: \"69e50d81-13c8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mJSQaP476akvCLVX2LLKL40m9t79kLTgUBb%2B2kjQHscWnhFk6mYtGQDwdA1ys21zsQt3FkgyZnizxQXLqwK6DXPLznATBKDCRFoJ1Cnq%2BihdG04%2B3m%2FBf%2B%2F6vPMN7ZTNgqTK1u7lkTAP\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fa8f50f3fbb0b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5064,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3","md5":"a1e606284c7b5b26e161efa0b542a2d7","sha1":"9215526c59c548fab77a099fa12256df552f59d3","sha256":"960c304504da6dc2bea4c6ba4011e8b5fd920c3aa74f0b016f827358db2e0b06","sha512":"7b9e9ea0b866855d0c669ac02f9499c45fe48257f39e4e4b60e25dd63911f06e2b339eefb3d6f94cc2b3a8bb84d5195c1e43d2fd39a1a1bf00551a95d3779fed","ssdeep":"96:Lqdnt3+e78x1CSzuhyLvkGVioHcugojg3r8tJ6EukO3BU4qtkDWMsMJ8:c4YIV1vpHjgb8tJ6Tx3K4qH/J","tlshash":"eaa15d93fe0a2537da86f0b453328bb08733d643bcb1501b59816d65e2661c90d28f76","first_seen":"2026-05-12T11:07:30.228761Z","last_seen":"2026-05-12T11:07:32.034809Z","times_seen":2,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"trust.claim-events.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}