{"report_id":"81862392-904d-4a4b-a3f6-30657b3df572","version":6,"status":"done","tags":[],"date":"2026-01-24T13:47:32Z","url":{"schema":"https","addr":"claimurpump.fun","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"claimurpump.fun/","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"title":"Pump App | AirDrops claiming","dom":{"size":1230,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"fe84f83319336be0b4f76462c067b20d","sha1":"4f50948daf0e5622ac4be0231fc68661a6f81028","sha256":"f618b7469dd81a43f8024d71d07f020c133066aee463a54f56c752854e63f461","sha512":"ad4fc40dbc3b32e5c0ef9c5fedd7d3a046e74e7f3280301e412abf5616bc66d27733c11e18809260e71198d48b3bc0915a087181c26dcb35c8ddf84814eef777","ssdeep":"","tlshash":"9821353ec2c1520ae0270164fb91f7982659821291670f713a5eb1b6f6cc0f752936c8","dom_hash":"domhash0ebe819308d222fdd2d1e3c37e196749","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"claimurpump.fun","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-28T13:47:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"framerusercontent.com","ip":{"addr":"65.9.86.51","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2019-04-29","domain_rank":18507,"first_seen":"2019-05-01T19:48:10Z","last_seen":"2026-01-21T12:44:50.797493Z","alert_count":0,"request_count":1,"received_data":3049,"sent_data":468,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"claimurpump.fun","ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2025-12-28","domain_rank":0,"first_seen":"2026-01-24T13:47:34.317366Z","last_seen":"2026-01-24T13:47:34.317366Z","alert_count":17,"request_count":17,"received_data":4879676,"sent_data":8174,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.4.14","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Framer Sites","description":"Framer is a no-code web design platform for designing and publishing responsive websites.","website":"https://www.framer.com","common_platform_enumeration":"","icon":"Framer Sites.svg","categories":["CMS","Page builders"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"claimurpump.fun/script.js","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c17a207d2cd73bc9fcbe7ce7267bc9d","sha1":"abfa9a0af5d8fda1205f516678de6f48be747ec2","sha256":"3ff74458a296035b9121977928dc6f6c26f44b6b9172dbe46402c15413ea41e6","sha512":"56f6f518a322a6de1b3082509774cca7d6c8ac6c668702fb9e3842732e0c5ce8aa37543cd1c833306d3dd2676361f26d120bebd7a42b367002e0cc4e27926a3b","ssdeep":"3072:E8aBADSzdBw1UJip4E8M8kzWMYH59LZ5hGNN1EbNGtmbrYoa0MVALtqstyb/LDX:EMc7OyE8M4DH5z5QXtw4pKuLj","tlshash":"059430cc118883ebc2826129d7b2a5fd85b4bf74978c5c7bb90d90f9b8474f1ace1295","size":424645,"data":"","first_seen":"2025-12-22T12:28:47.885414Z","last_seen":"2026-01-24T13:47:40.717277Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/MCxZzX_c.php?s=%2F%40v1%2Fcdn%2Fjs%2Ffolktale.cjs.js%3Ft%3D29487707%26u%3DKplfGtYpGT_H71GeGDY5MjU2NDRmMjhjZmYzYzM0MDI3ZTMzMcQy9OJYIhM9GDMFKw","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"96c2ff1601099c21c598c24e6f43c7c4","sha1":"d78fa2e81b7b5ccf287c793c5a9985caaa0f6162","sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91","sha512":"d7df68372670f0173ac5dc3c54ee38f13b29703dde9f71ec74827b535735e99b2b253e07960d66d8c3230f13cf29f20aa0f083db014cee0710379ffab68932be","ssdeep":"6144:0ujB8gltIeTM5/S8g6zRh5gDVLU2GIt/KJAsJRrydM147u/lhDlEqH96lm:vhltVM/g61sNUWsSdG7R","tlshash":"1ed438c2821814f684eb0ab6d133a21fdb4cce9dc69f2d20bfe55c9553c87a292f655c","size":656642,"data":"","first_seen":"2026-01-02T13:08:19.247086Z","last_seen":"2026-06-08T13:18:27.600009Z","times_seen":2556,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/MCxZzX_c.php?s=%2F%40v1%2Fcdn%2Fjs%2Ffolktale.cjs.js%3Ft%3D29487707%26u%3DKplfGtYpGT_H71GeGDY5MjU2NDRmMjhjZmYzYzM0MDI3ZTMzMcQy9OJYIhM9GDMFKw","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"96c2ff1601099c21c598c24e6f43c7c4","sha1":"d78fa2e81b7b5ccf287c793c5a9985caaa0f6162","sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91","sha512":"d7df68372670f0173ac5dc3c54ee38f13b29703dde9f71ec74827b535735e99b2b253e07960d66d8c3230f13cf29f20aa0f083db014cee0710379ffab68932be","ssdeep":"6144:0ujB8gltIeTM5/S8g6zRh5gDVLU2GIt/KJAsJRrydM147u/lhDlEqH96lm:vhltVM/g61sNUWsSdG7R","tlshash":"1ed438c2821814f684eb0ab6d133a21fdb4cce9dc69f2d20bfe55c9553c87a292f655c","size":656642,"data":"","first_seen":"2026-01-02T13:08:19.247086Z","last_seen":"2026-06-08T13:18:27.600009Z","times_seen":2556,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"8fa0338466035862e2483170da730bd4","sha1":"95c48ce9e1db84880197378f3d52e9a7a4aab4c7","sha256":"fd4e8c424451051e0ce8381930cb5777711897368713475886416af0382436f2","sha512":"2b8be927109d5f638cdff9efceb739205a04a49c9886f0cfe295473ae1c9090ac6abfeebfdab2f8f022a00b57671dcad652cb5ed641637ba9f37eecee67562a5","ssdeep":"3072:nmUfQK0ryNl8EzTRYRlZYUg0AUna/sYx59Nb5hGNNtEb/mLmTXSogaGTYLBOCzIg:nz7rVcAUg04jx5T5QZL+Iz6YJo","tlshash":"ab940fcc118993ebc2c26129db72a5ed85b4bf78938c5d7ab81d90f5b8430f1ace1295","size":417508,"data":"","first_seen":"2025-12-22T12:28:47.900131Z","last_seen":"2026-01-24T13:47:40.727615Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"claimurpump.fun/script.js","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:09.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /script.js HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:09 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 90221\r\nlast-modified: Mon, 31 Dec 1979 00:00:00 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":424645,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65335)","md5":"4c17a207d2cd73bc9fcbe7ce7267bc9d","sha1":"abfa9a0af5d8fda1205f516678de6f48be747ec2","sha256":"3ff74458a296035b9121977928dc6f6c26f44b6b9172dbe46402c15413ea41e6","sha512":"56f6f518a322a6de1b3082509774cca7d6c8ac6c668702fb9e3842732e0c5ce8aa37543cd1c833306d3dd2676361f26d120bebd7a42b367002e0cc4e27926a3b","ssdeep":"3072:E8aBADSzdBw1UJip4E8M8kzWMYH59LZ5hGNN1EbNGtmbrYoa0MVALtqstyb/LDX:EMc7OyE8M4DH5z5QXtw4pKuLj","tlshash":"059430cc118883ebc2826129d7b2a5fd85b4bf74978c5c7bb90d90f9b8474f1ace1295","first_seen":"2025-12-22T12:28:47.885414Z","last_seen":"2026-01-24T13:47:40.717277Z","times_seen":8,"resource_available":true,"data":null}},"time_used":342,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":171,"receive":171,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/969d8ebae81eb6fb0e435918ede61b9d6436b399.svg","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /969d8ebae81eb6fb0e435918ede61b9d6436b399.svg HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:10 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 165\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 31 Jan 2026 13:47:10 GMT\r\nlast-modified: Thu, 11 Dec 2025 13:49:22 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":243,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e0048e66338cc1ebb6df2b125f71b1a0","sha1":"969d8ebae81eb6fb0e435918ede61b9d6436b399","sha256":"ab7a9ee31fa9dc023c3460610c637b281293cb5359e1604c0a6aa72f8805c303","sha512":"c6f18909d566db18974383a70517d01fbd2ab598d5521043412704bbffa007ea00022e39cfe25618a0ed51a17bb253679cdefad3317e8ce9ed2deab31fce5327","ssdeep":"","tlshash":"07d0959fdf1dd309808cd75cf1f93306a48418c001c944ced4c02dc89004cc29c91519","first_seen":"2025-09-17T10:51:07.649804Z","last_seen":"2026-05-01T10:53:56.600245Z","times_seen":13,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun//MCxZzX_c.php?s=%2Fjmpd%2F","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:12.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"POST //MCxZzX_c.php?s=%2Fjmpd%2F HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://claimurpump.fun/\r\ncontent-type: application/json\r\nContent-Length: 2196\r\nOrigin: https://claimurpump.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2196,"data":"{\"route\":\"8XUwkBv9vhPYfVpD1fxb7EC65sUXJdqr\",\"payload\":\"75p8DpXoJ9Fs91zruP6agaZFVgmBNxH6Vne9cAUH75Q1B7U1XpNaXRd2FxqUyXyRq2i6WynPiTEYfVrHCqLERm8zTxcntAG4XrwNQffbM8xCDw3L1NMkB3hcFCip51FsvW4Lneo2RSPZTs2pTTNu66Jdhrn1JrYZa4WPtr2Sj5Q5E6syFqKcCEfvU4y7HtMkkYuwBAsknFhH4VAw9jdR8rrdeYqKe1FU428SzWCWJUmMyKDELbpEuBULsUcBb3H2SDSpLmwyFiTAA9Sqdt9ccsbtK4wsHDzYrVePuekvKJMMwVzFkw9fdsATVPj4jYHcvh3GELRRX2CnQ8SaKZkGwmFeajup5LC1Hxe5NLhTt1QN29oGqjyU7Kyw52CuakQDu9NMbcmSmgwMzuFMdK1cErvMSXbL9hmVxTysdNAz8GLfJVySyXzY2TaqRUvSvi7XG2B1yd9tyfmCtgH2vBBXmXjDng43AvkiCmpBjatGWonTndHCQ4BpRg4XvXtCnbrHU3XG6AVw314VDR2pVYXFrf1ALcaw8SwGexzGwt8gUDvqiL1zBEc2raULzVkd5varHapTBcwQAfSpW4KWJj1WzjEBTU4GKmDe9GK2N9ajqdsHfqJLsSzphLcwCQMVYpZaVG5YLoYskbPeqtsmDxut9kM5rgSzX3qc3X4tkB7LAPspNNKbZc7SRi3qDqRdZR6k4jA8jDzu4N1ZTCcsMEg9hz6cTvfGiJ7SBKK5QKTjvgwGbGcwPnFbwqhurqFovDCHB7r7HwjrMLjW1Rc54KXLZCaPCRZ3W7nuPd2VrHgT9qCC71emZRcpio2qxe3utWo2nYaAQmUPNXQthXYugpMUwuTmGKSXV4NgiwSHsFkAwnbvdG875mrpTb3EV3K4asgddCEi4u8PS1VmxGocM4rBHXNurGKpziwyerEcaMVPf636wNaRJoWf2LNPqNTzUaSpiw9SNPU63aJrtM2cAZgmTXzdRRiAeoZUQ4pQ8GQCsoRWizpyKhnzx71Rdt7Wz6xHFaExzxpK4kwt1QQJSRfXoCvGPw6KoZRg1AJ47RaNQAjL2tuRTc7g95QYb5uVvBSY9XT6MZRZzGibMMcZkJXoCdhKzfRC2rh2dD2ux8jzDxZwDkUK7TYWUBHto9HJ9ivwHXhRyNwFkPq2WcvbPTgCyYJ2ETxCasY9y9ttLwiWTWtRC8n9mwXarrqoDrEv8MHUtyr7nUK2Tu63ktfNs5pHHHLmNHXYTZvM5fYqMWYLJUfito6VBWbNK2GnyExBXp7egL6v2UZPoAZLopGUHM9Yemvt74Wefm6vyqreBpUF7ZPBAnjM34cUg6KC21ZkBSEFmNV8HSCswZZq3PDGoM7JfM5ATBqy9iSoTf4RCQrG7fHb1ajAaP6QENZfhWNM3VskFueJ9F5ZrFp8GmMmNX4sN9nMKsSRip28sDizKfvz4sYpyCLMoAWTeuTaH8js8FGRN15J3T8onfBY9BidpniZBPQQbuSWJF2cuK5PTvhZ2XP7thzknAekEyMDjAaV71zaHPFkJUzjVU1EtrUmk44ppTUGaueAM12f14Kwx6aEjQeC7JXmVYBVt7uNREdWv5kwGtVYDDHuwLJ8hH4u36a6NyTfXcBj8dQsKK9ZENKDAwGNDmCTDo3EQEfDpK6hZGKtc4imSywRs4NqrDiRiFKfNAtA1FHYSDGws4QyMd89tsCL21vCkd4bUJ1dPS6hjt9vnEU4Dhfw6g4muU5rA5QjJvhdxuRh6hLCuPgrqTVC2KXewD9GiawBLxXrp282FxRUvJPL8PpmKP3742eLDHDSAGR4KmuxhUKg7PUoEaAt72CmWicYN6QarMdGZteWU1v5W1o5qYPe5gLk4xjtqPDD4qbqbu1xEAWJTz2cW9ftsT6CmRguTq5PWNqQLu8hvicBXYHodUCmLo2toFLkV5HfB3p2EpewyHbnGbWxCuWe9rAywW8V9y1ry1YtDx7Cza5cDG6izSP6PSHdcw81BSR472cYiLt1NANq54DpDkEdRptWaZhrhNjeRef35SHhwQnubFodjy1EpvYuMwToZEBgJcBExdnj9wsG5R6uQP2udH46CJqoLWAZjziGvEm5H8VP8UD6D5CRRL7mHGuiu9FXxDGdEdh\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:13 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 185\r\nx-powered-by: PHP/8.4.14\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-allow-headers: *\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-service: pixie-cpanel\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.4.14","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":219,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"5735d483e3919c7fd78e28bf26b2f467","sha1":"146adade7cf6cbabc5572b5ecbce14ba4a5e0614","sha256":"d22c84c835c3cc57bee4320e0caf454e1db197e5ed78d31da017ea8bdf503835","sha512":"2b4883082fda43b765fc4f4e44248688d61428f6ceaaace7ccd1386c26cb0b2940ff8d3ad6864a815094605b067160e1d5b2838b7259ddf995b139a57da20d31","ssdeep":"","tlshash":"83d0232de45463c360356851959c5f2d4d163fbd8f63cc5cd94601c3d9140573c045da","first_seen":"2026-01-24T13:47:37.759296Z","last_seen":"2026-01-24T13:47:37.759296Z","times_seen":1,"resource_available":false,"data":null}},"time_used":850,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":850,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"framerusercontent.com/images/Hfn61PftoaCLZU4KiPcZP7AoO4.png","fqdn":"framerusercontent.com","domain":"framerusercontent.com","tld":"com"},"ip":{"addr":"65.9.86.51","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:08.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"framerusercontent.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 16 Oct 2025 00:00:00 GMT","end":"Fri, 13 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:EF:AE:14:9A:1C:B7:8C:AB:DF:01:C0:39:9E:AE:49:90:E5:84:94","sha256":"B7:E9:B0:B0:73:ED:29:A4:09:64:FA:77:EF:60:53:32:51:10:08:95:FD:7B:4A:69:60:51:6D:9F:AF:31:9D:5E"}}},"request":{"raw":"GET /images/Hfn61PftoaCLZU4KiPcZP7AoO4.png HTTP/1.1\r\nHost: framerusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: CloudFront\r\ncontent-type: image/avif\r\ndate: Sun, 04 Jan 2026 16:29:25 GMT\r\ncross-origin-resource-policy: cross-origin\r\nx-amzn-trace-id: Root=1-695a9565-4499719e5a6bd39b5e9b76e6;Parent=48bdc8d2f9990838;Sampled=0;Lineage=1:f456f256:0\r\nx-amzn-requestid: 75d327ce-dfd9-46f0-9102-60430b005242\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-xss-protection: 0\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: deny\r\ncontent-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;\r\ncache-control: public, max-age=31536000, stale-while-revalidate=31536000\r\nx-content-type-options: nosniff\r\netag: \"e4803eac288bfdae33dcca385c837b4f\"\r\nvary: Accept\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: AMS1-C1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: YJKVwc_FcKhVASMbmzVwaxN5dPRKvDZb7G6G26IUjdSlU4LLGHbmBA==\r\nage: 1718264\r\ntiming-allow-origin: *\r\nserver-timing: cdn-cache-hit,cdn-pop;desc=\"AMS1-C1\",cdn-rid;desc=\"YJKVwc_FcKhVASMbmzVwaxN5dPRKvDZb7G6G26IUjdSlU4LLGHbmBA==\",cdn-hit-layer;desc=\"EDGE\",cdn-downstream-fbl;dur=64\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1756,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"e4803eac288bfdae33dcca385c837b4f","sha1":"4a5540be7fa2f185e8bf1053fab244dd5edb42f5","sha256":"2c73a50f6d9716127dee5a41910b674083b0beb33f92e38fe6b1a2a52cae61de","sha512":"ab942af8a71b3400a7cc4a10fecb3b6a3ce836b7554347b3135b92724203f380beba39c9e915470a9f51e11c9dca5e3fc56056733eab57e19500e12a8c934b25","ssdeep":"","tlshash":"0a31180ab7681d05e52d037884da9122f637455e71b706cabc39f0a8bc4aae3c809e1c","first_seen":"2025-09-17T10:51:07.667724Z","last_seen":"2026-05-01T10:53:56.595572Z","times_seen":13,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":11,"connect":16,"send":0,"wait":92,"receive":0,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/secureproxy?e=ping_proxy","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /secureproxy?e=ping_proxy HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://claimurpump.fun/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:10 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-08T23:09:01.73056Z","times_seen":132712,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/GrgcKwrN6d3Uz8EwcLHZxwEfC4.woff2","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /GrgcKwrN6d3Uz8EwcLHZxwEfC4.woff2 HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:10 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 27380\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 31 Jan 2026 13:47:10 GMT\r\nlast-modified: Thu, 11 Dec 2025 13:49:22 GMT\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27380,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 27380, version 4.0","md5":"e092f17f85b5a6e5a73296c5819acee5","sha1":"1ab81cfcac2b37a777533f04c1c2c7671c047c2e","sha256":"362b168da82d69bc67d2a358fa20c59151cb4ceac8a5506be6baef5e6827fa42","sha512":"37756285b8dc6d24f04f40b3733ce2e3414f1242b0cf4715ad1a1082901d81caf10582dbcd2060ac8886902aa33d4fc2b1bd717215802f933aea929d181cc5c9","ssdeep":"768:uVmFXapd3t+i2J0dlFlL9baVrL0c8yMErCOtRPCM:uGXabqJsl5urL0xErT9CM","tlshash":"e0c2f1e694653af9ed0d707b065af62b539068bc436e807d9cf960b077a3bd1020f496","first_seen":"2025-08-12T17:14:20.779189Z","last_seen":"2026-06-08T21:04:56.090367Z","times_seen":2813,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":172,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/MCxZzX_c.php?s=%2F%40v1%2Fcdn%2Fjs%2Ffolktale.cjs.js%3Ft%3D29487707%26u%3DKplfGtYpGT_H71GeGDY5MjU2NDRmMjhjZmYzYzM0MDI3ZTMzMcQy9OJYIhM9GDMFKw","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /MCxZzX_c.php?s=%2F%40v1%2Fcdn%2Fjs%2Ffolktale.cjs.js%3Ft%3D29487707%26u%3DKplfGtYpGT_H71GeGDY5MjU2NDRmMjhjZmYzYzM0MDI3ZTMzMcQy9OJYIhM9GDMFKw HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:12 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\nx-powered-by: PHP/8.4.14\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-allow-headers: *\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.4.14","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":656642,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"96c2ff1601099c21c598c24e6f43c7c4","sha1":"d78fa2e81b7b5ccf287c793c5a9985caaa0f6162","sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91","sha512":"d7df68372670f0173ac5dc3c54ee38f13b29703dde9f71ec74827b535735e99b2b253e07960d66d8c3230f13cf29f20aa0f083db014cee0710379ffab68932be","ssdeep":"6144:0ujB8gltIeTM5/S8g6zRh5gDVLU2GIt/KJAsJRrydM147u/lhDlEqH96lm:vhltVM/g61sNUWsSdG7R","tlshash":"1ed438c2821814f684eb0ab6d133a21fdb4cce9dc69f2d20bfe55c9553c87a292f655c","first_seen":"2026-01-02T13:08:19.247086Z","last_seen":"2026-06-08T13:18:27.600009Z","times_seen":2556,"resource_available":true,"data":null}},"time_used":1395,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1395,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/d3tHnaQIAeqiE5hGcRw4mmgWYU.woff2","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /d3tHnaQIAeqiE5hGcRw4mmgWYU.woff2 HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:10 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 28032\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 31 Jan 2026 13:47:10 GMT\r\nlast-modified: Thu, 11 Dec 2025 13:49:22 GMT\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28032,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28032, version 4.0","md5":"b8c08053843729b89c7d30418d11b8e8","sha1":"777b479da40801eaa213984673e470e269a05985","sha256":"2f1040eb66570b6eb6b943d10ca5d91fb8c6dddecac26fe8823627437291229b","sha512":"eb4dd7f19084bd7ad2091446e532110963ea89f1c957137cbd12f058938bb40117c58f527256c25334231329049a2b01897601bd1f3a732cbdeeec64f389e270","ssdeep":"768:Lix98832s/NBFN5wDlEOef2X7bs1Qlq3ZdkQ9e:ux3Xn2DlEOa2X3ef3Z9e","tlshash":"75c2e198d7323c5a7c0a71a4e94b0551ca0211ac32e1ed40b92933fb993d2da6fe708d","first_seen":"2024-07-28T17:20:17Z","last_seen":"2026-06-08T22:32:30.143873Z","times_seen":2652,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":170,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-24T13:47:06.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:06 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 22615\r\nlast-modified: Sun, 28 Dec 2025 23:33:42 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Framer Sites","description":"Framer is a no-code web design platform for designing and publishing responsive websites.","website":"https://www.framer.com","common_platform_enumeration":"","icon":"Framer Sites.svg","categories":["CMS","Page builders"]}],"data":{"size":183005,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (63450)","md5":"60f66528c6dcc206e76e0a4f8a5878e0","sha1":"d6fbaba146c66d34c3cb0cd1d1dcfb39d9ce9b14","sha256":"1e3b7a3edad5750ab5bc78d5250b77507140fcce4cc472b518fcfc324ed37614","sha512":"f41e90fad6235be96b8647bae686c53926ef42681c7906e33bf20839313bef0af0dea993214a4dc4bec414d6a0be4df061d7c86daaa5b3975371267aa752aea2","ssdeep":"768:P+PxXz2Of2Mf2q0A2GwjaAf28QKf2Kpf2qPQPf2tgpLf5Y+aAVymE2/f2rf2X828:mJK7MLRY+aBCcDpZ/1TbSdZqOg","tlshash":"6504fd536159f574ace7593eeb5de119ae252000ff32c3e7a29e021f44ceaf8225276c","first_seen":"2025-12-31T12:36:50.073335Z","last_seen":"2026-01-24T13:47:40.724039Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1501,"timings":{"blocked":574,"dns":64,"connect":170,"send":0,"wait":337,"receive":8,"ssl":343},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/Th778RFibvl0SWWtDcTgHAmtY.png","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:07.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /Th778RFibvl0SWWtDcTgHAmtY.png HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:07 GMT\r\ncontent-type: image/png\r\ncontent-length: 3691\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 31 Jan 2026 13:47:07 GMT\r\nlast-modified: Thu, 11 Dec 2025 13:49:22 GMT\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3691,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 370 x 382, 8-bit colormap, non-interlaced","md5":"974b5641478c217c3b439075ba19b7b2","sha1":"4b0a532cee62d9fc35ac5e7751f50aa3c4bb951b","sha256":"c49f4729124d9c575671c2e3a06a7ff691fc8670bbcb6897c931e330621de885","sha512":"535fc2672320ba3511b2a5655854db69ce3502b6b5355ab06bb010cba9e3afed3bc70df12c369c6a90e7c13a56584ed68f960575c32581a4410a3e715c82151c","ssdeep":"","tlshash":"8e714a9f6138e887455eaebb469084220a9e435f0d3cb0fab1f24c119074aecaad5736","first_seen":"2025-09-17T10:51:07.660394Z","last_seen":"2026-05-01T10:53:56.588252Z","times_seen":15,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":345,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/index_1.html","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /index_1.html HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:10 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-08T23:09:01.73056Z","times_seen":132712,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/1ZFS7N918ojhhd0nQWdj3jz4w.woff2","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /1ZFS7N918ojhhd0nQWdj3jz4w.woff2 HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:10 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 28004\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 31 Jan 2026 13:47:10 GMT\r\nlast-modified: Thu, 11 Dec 2025 13:49:22 GMT\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28004,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28004, version 4.0","md5":"6a0a655993cb46fa8421adf0b1c20023","sha1":"d7e6454bb37dd7ca238617749d0fd6763de3cf8c","sha256":"cc324555c1cd681a59c27be1eda61da587d17bf71cc1ed8aa3e4a51e77907685","sha512":"a67e3a335ec63a2515c945b5355794237e3a0203d0f44c49d57ee12b0ebb46a8f2d2bcd354af40a26b6e631fc2c8f2ac707f5032b7efabe96b4720d796d01976","ssdeep":"768:Spm4oXyuupZmdXzlnv47Rov6+gIDoZ364qvnza:Sp9juujsZv4Noi+gzq4qPza","tlshash":"cec2f157c68922f894782291d8a783992332955512ad43ca61935f00d4fdeb7e8bbd34","first_seen":"2023-12-29T15:34:12Z","last_seen":"2026-06-08T22:32:30.141927Z","times_seen":2584,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":170,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/Avhzd9ZdakuMbZdyEXCqnREFFYw.mp4","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /Avhzd9ZdakuMbZdyEXCqnREFFYw.mp4 HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:10 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 2408292\r\nlast-modified: Thu, 11 Dec 2025 13:49:22 GMT\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\ncontent-range: bytes 0-2408291/2408292\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":2408292,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"9b038006009fe73d755727bd89887f7c","sha1":"84eab2edb21462fde236711e765511b5df36ba69","sha256":"bc7fa1ebdbde34d6099d52a427508e91f8544a134475ebfb2fc2e06200e31a2c","sha512":"67adbcd4cc6095666df6d5491972a492345838178874f2187339ef5231d1b22dece4e76494f996964b6d0fc33af142d65c03cd36806f922061eaa9eda710b8c1","ssdeep":"24576:3hAgwR1qrM/3n5ub5CK0aYKee2gJXCDv/AFHrFW9U3Nn:aD/I5CKYgZs/mFQU5","tlshash":"ed25235ba3c1a733feb8567651f6688229a3611611e30bdbfc8f5a102fa0c793d5b40d","first_seen":"2025-09-17T10:51:07.676075Z","last_seen":"2026-05-01T10:53:56.596689Z","times_seen":12,"resource_available":false,"data":null}},"time_used":908,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":706,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/script.js","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:07.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /script.js HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:07 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 90221\r\nlast-modified: Mon, 31 Dec 1979 00:00:00 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":424645,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65335)","md5":"4c17a207d2cd73bc9fcbe7ce7267bc9d","sha1":"abfa9a0af5d8fda1205f516678de6f48be747ec2","sha256":"3ff74458a296035b9121977928dc6f6c26f44b6b9172dbe46402c15413ea41e6","sha512":"56f6f518a322a6de1b3082509774cca7d6c8ac6c668702fb9e3842732e0c5ce8aa37543cd1c833306d3dd2676361f26d120bebd7a42b367002e0cc4e27926a3b","ssdeep":"3072:E8aBADSzdBw1UJip4E8M8kzWMYH59LZ5hGNN1EbNGtmbrYoa0MVALtqstyb/LDX:EMc7OyE8M4DH5z5QXtw4pKuLj","tlshash":"059430cc118883ebc2826129d7b2a5fd85b4bf74978c5c7bb90d90f9b8474f1ace1295","first_seen":"2025-12-22T12:28:47.885414Z","last_seen":"2026-01-24T13:47:40.717277Z","times_seen":8,"resource_available":true,"data":null}},"time_used":348,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":181,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/secureproxy?e=ping_proxy","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:09.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /secureproxy?e=ping_proxy HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://claimurpump.fun/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:09 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-08T23:09:01.73056Z","times_seen":132712,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/DXD0Q7LSl7HEvDzucnyLnGBHM.woff2","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /DXD0Q7LSl7HEvDzucnyLnGBHM.woff2 HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:10 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 27992\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 31 Jan 2026 13:47:10 GMT\r\nlast-modified: Thu, 11 Dec 2025 13:49:22 GMT\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27992,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 27992, version 4.0","md5":"6e016e5d8af17b4b0a7d7ea5d09a37f3","sha1":"0d70f443b2d297b1c4bc3cee727c8bfe7f860473","sha256":"2dc968863319a6f57e6428a7b4c292ae254d3e462b5f23f71bab492317067d5f","sha512":"bf2201f695e67518e886a2b1dc7126c4d292614524f6e3e879a8f89cf5c2bbb83eecc827d4b64242d76e7e5d7f18683a37e117c9d8accddc064b0232f3db2952","ssdeep":"768:YWjMCg7zYxo03f+Qo7seRuRCusYCdlebExh/tjqmKyrA:YIUJhTJRu9sdU21q/","tlshash":"92c2f2f0ca9d99b069358cf862bc9848d60c497d9d09d2fd6a73a35d0b50bcac7d8e0d","first_seen":"2024-08-01T19:55:06Z","last_seen":"2026-06-08T03:04:07.98009Z","times_seen":1134,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":170,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/MCxZzX_c.php?s=%2F%40v1%2Fcdn%2Fjs%2Ffolktale.cjs.js%3Ft%3D29487707%26u%3DKplfGtYpGT_H71GeGDY5MjU2NDRmMjhjZmYzYzM0MDI3ZTMzMcQy9OJYIhM9GDMFKw","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:10.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /MCxZzX_c.php?s=%2F%40v1%2Fcdn%2Fjs%2Ffolktale.cjs.js%3Ft%3D29487707%26u%3DKplfGtYpGT_H71GeGDY5MjU2NDRmMjhjZmYzYzM0MDI3ZTMzMcQy9OJYIhM9GDMFKw HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:12 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\nx-powered-by: PHP/8.4.14\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-allow-headers: *\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.4.14","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":656642,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"96c2ff1601099c21c598c24e6f43c7c4","sha1":"d78fa2e81b7b5ccf287c793c5a9985caaa0f6162","sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91","sha512":"d7df68372670f0173ac5dc3c54ee38f13b29703dde9f71ec74827b535735e99b2b253e07960d66d8c3230f13cf29f20aa0f083db014cee0710379ffab68932be","ssdeep":"6144:0ujB8gltIeTM5/S8g6zRh5gDVLU2GIt/KJAsJRrydM147u/lhDlEqH96lm:vhltVM/g61sNUWsSdG7R","tlshash":"1ed438c2821814f684eb0ab6d133a21fdb4cce9dc69f2d20bfe55c9553c87a292f655c","first_seen":"2026-01-02T13:08:19.247086Z","last_seen":"2026-06-08T13:18:27.600009Z","times_seen":2556,"resource_available":true,"data":null}},"time_used":1730,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1730,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claimurpump.fun/gD19zQdpu6Hw0s5gG3VMOioQ.png","fqdn":"claimurpump.fun","domain":"claimurpump.fun","tld":"fun"},"ip":{"addr":"52.38.173.188","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claimurpump.fun/","date":"2026-01-24T13:47:08.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claimurpump.fun","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 20:06:48 GMT","end":"Sat, 28 Mar 2026 20:06:47 GMT"},"fingerprint":{"sha1":"27:99:9F:70:45:FA:95:3C:99:D2:45:2A:EF:42:B3:72:61:66:33:1D","sha256":"AD:52:0C:C8:23:64:9A:53:E3:D6:83:46:CA:86:BF:0C:A9:40:0F:67:57:5D:03:C1:AE:12:1A:AC:13:B7:0B:27"}}},"request":{"raw":"GET /gD19zQdpu6Hw0s5gG3VMOioQ.png HTTP/1.1\r\nHost: claimurpump.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claimurpump.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 24 Jan 2026 13:47:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 891\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 31 Jan 2026 13:47:08 GMT\r\nlast-modified: Thu, 11 Dec 2025 13:49:22 GMT\r\nx-cache: BYPASS\r\nx-service: pixie-cpanel\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":891,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"ad13e1b2040acebbddf7b2ff4c633c9c","sha1":"6f6eb727b2767e00e9312653ffe195c6c253a4eb","sha256":"ac18bbdf8cd6598fdceb147eb661513b7c19e246e44b1e4465f2dfeae23f4051","sha512":"8551ce50349c81cf79f768085ab7d72f6aea8c6104b701a52d82f1f5e7114a1a593c1956f32fc91602bbe6ee383d58b9c5490391eec26383998a2db7b61cd76e","ssdeep":"","tlshash":"081196c6b73337a2f4f8dae349c384e6da668f78b502403c140ac91a56c736c6a36208","first_seen":"2025-09-17T10:51:07.672816Z","last_seen":"2026-05-01T10:53:56.612236Z","times_seen":13,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":168,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"claimurpump.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}