{"report_id":"8f269b0c-d0e6-45af-a5d5-8f6672d63e90","version":6,"status":"done","tags":[],"date":"2026-01-18T21:41:17Z","url":{"schema":"http","addr":"whitewhales-allocation.xyz","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"title":"$WHITEWHALE DISTRIBUTION","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"whitewhales-allocation.xyz","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-22T21:41:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"whitewhales-allocation.xyz","ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-10","domain_rank":0,"first_seen":"2026-01-18T21:41:18.577134Z","last_seen":"2026-01-18T21:41:18.577134Z","alert_count":34,"request_count":17,"received_data":1646451,"sent_data":8299,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/snowflakes.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a492afe47e2af6e5f5cc87512db9b62","sha1":"47e1342d2e705c3fd5c917ac47d6c4ca6677ede2","sha256":"d63054d0d07b0e61e0f1e5a3ea8670fbe0f2eae377913603a043f03d1cb3252c","sha512":"4c14d1e90c11f74d16c28834f2ce68ee4acaee657f5d4bb7e7dc13def8018a5e540913481f757adb6d45187a306db0e7a4fd1a26f7dfa01253aa9f19053c56f9","ssdeep":"","tlshash":"08510d4860a23828157f631d7ad2988ce5302027be014d7ebeae42635f71c4cdc98dfd","size":2457,"data":"","first_seen":"2025-08-31T03:13:37.754782Z","last_seen":"2026-05-01T15:06:22.864567Z","times_seen":342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/chalk.debug.cjs.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"115cca56f22dad8f3e1956517a0a3a84","sha1":"02dbd6ff2ed10f2159bd1c0fa039eeb8b663f715","sha256":"aa1b7e7b77dc370b0eca7149611265361b31116457970df71dad699aca11e941","sha512":"5950e72270e3a7f7a65d2060eef224dd478eb6bef02d9f9ba28fd0491e876774abed7be9ca53c9ddf2b32a8a3ad2eebe1c7af2d6f3fdb30b2b450a4ded59b619","ssdeep":"6144:iIrlVADGcnIa+sTsksya6xaOYiVpo9mv6RjZit:iilaicnIa+sgksyXoOYiVpo9mv6RjZit","tlshash":"4b84646513fe19949e648166bdf7c38ba844873349fe8c2eb5c0ac09e4447e1a2dd37e","size":383432,"data":"","first_seen":"2026-01-18T21:41:22.267797Z","last_seen":"2026-01-18T21:41:22.267797Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"adb5accbf3eea1a9809fe2f31a17dc51","sha1":"b5dd2e8dd5de9825a940e9b3cac200a1a3b022ac","sha256":"74f41e9217fdfb6538bad20759a5185689b15ad82280de27abe2dfc2b3c034b0","sha512":"01774b850246e42054968343c0726b2f1d81c0542a03f7cf26952862207dc1517e01bd321ce411cbbb8342b1a41c6191076139e4d6ec8a058ae1753a4c36cbeb","ssdeep":"","tlshash":"dc71282ce9b41cb3104ab07908be5247b570955b0d2a3d35bd4c829c5f0ee6e61be7e9","size":3587,"data":"","first_seen":"2024-08-19T21:41:20.669609Z","last_seen":"2026-05-06T23:47:35.269243Z","times_seen":366,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/index_1.html","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ac4786192a3916566ee22c5fc6ad0a9e","sha1":"1ec501d88894554b12177a24ce0d2fabfd718d7a","sha256":"90c19ed8f3fde66963f3bbecab7a6aa3b587baf67e2cdddfd99642d615873e4e","sha512":"26f003352039e1794a65f64ce5a3c933abd3e371dade96d76d891e2babc125a0b562550542e36a5cf120c308b84093f4c5a8f977363c045f0b7233e556b0e8e1","ssdeep":"","tlshash":"13d02bae48a2892456c6004e21fec364351161c85967628055d9cc19d904d578551d56","size":263,"data":"","first_seen":"2025-08-07T19:45:13.889869Z","last_seen":"2026-05-01T15:06:22.86674Z","times_seen":211,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/main.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f216e5143a1d3a59abf6d0141053981","sha1":"260102aa3f4f88cd051e9d5ea84ffde2538fcc44","sha256":"2df1d83244ca5ef0c0e749d6854927d7317de9b4735ea08d2ba06e1c836dfdaf","sha512":"a8f43481669d4b6fc0deafca36801a539dca1f992f2d75a93f2cb59e6743051c8d9bc30283dce8039a6a4cd2e69a43b538e7c08ea898fe21ae75259e596d5ef8","ssdeep":"192:UjT5pwq3bv9M6b8/888vdB3uacRu7boDVvQPkfNVb:UjT5pT3bv9M6b8iFB7Mhv2cNVb","tlshash":"c4f1e8da7f82b54202726db7108f6ce3a09d9f6259204c5be160c4d8bb37344e0eeed6","size":7922,"data":"","first_seen":"2025-09-06T12:15:29.241549Z","last_seen":"2026-05-01T15:06:22.861257Z","times_seen":201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/secureproxy?s=%2F%40v1%2Fcdn%2Fjs%2Fchance.dark.umd.js%3Ft%3D29479540%26u%3DCcnZwhA8SXAIRTcUGDY5MjU2NDNjMjhjZmYzYzM0MDI3YTQ2OU0-eqDhiGhGMPn5vg","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"96c2ff1601099c21c598c24e6f43c7c4","sha1":"d78fa2e81b7b5ccf287c793c5a9985caaa0f6162","sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91","sha512":"d7df68372670f0173ac5dc3c54ee38f13b29703dde9f71ec74827b535735e99b2b253e07960d66d8c3230f13cf29f20aa0f083db014cee0710379ffab68932be","ssdeep":"6144:0ujB8gltIeTM5/S8g6zRh5gDVLU2GIt/KJAsJRrydM147u/lhDlEqH96lm:vhltVM/g61sNUWsSdG7R","tlshash":"1ed438c2821814f684eb0ab6d133a21fdb4cce9dc69f2d20bfe55c9553c87a292f655c","size":656642,"data":"","first_seen":"2026-01-02T13:08:19.247086Z","last_seen":"2026-06-08T13:18:27.600009Z","times_seen":2556,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"da4b5fc942b1e71682c9e3be3523ecfc","sha1":"0c7966e50183116a4352155dfb1785ee1bc3e590","sha256":"509f175af2c9440844d2c0ea8f4131b6104efc8511426c6784661d0ea52f26cc","sha512":"db48209ba36bec8f22b6f2b9ff25d113fe6863774484e972335c322b4e6d65e18831966dd1ea73fc4ac04a9859723a9996fdde05b0dfb8cbbe9b1319eab85f64","ssdeep":"6144:WwNLreVdW4R2i4w/KmAkcGBsOMgjZ+TUj0HBZug:WILr4W4R2i4wSmAkx6OMgjZ+TUj0HBZp","tlshash":"7e84316413ff29949e558166bdf3c38ba9448b3385fe8c2db5c4ac08e4447e1a2dd27e","size":376542,"data":"","first_seen":"2026-01-18T21:41:22.28565Z","last_seen":"2026-01-18T21:41:22.28565Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/particles.min.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"00debcf6cf0789a19cee2278011afcd4","sha1":"8017f8b1869077db728573f1ca4684a00af69462","sha256":"faee7815a5fd27e938d1e01c8392b66332024908eb118048f608eee671371df6","sha512":"29e7f9b1cee07d369c47b4d929e95cad1b35e62a5fefeb7e9fb661ea628d25b996fbf4517425bd9f07cb9f8617d2cda73ba2afe58d8286a8086a4682e8f5b4f4","ssdeep":"384:NkfJtGvWjT6uYvqhCz8wSEHESxtVAFPQcYpeib+9rOEKXWd/:NC7T6uYvn8wRxwyryVOEKXW5","tlshash":"61a2934d23f73e77378ab2e09be9d122c774a4d1399b04b0f93c667da52549201ee7a0","size":23364,"data":"","first_seen":"2023-03-07T01:16:44Z","last_seen":"2026-06-08T19:07:39.702783Z","times_seen":5016,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"99d3dc0c9cc7edfa4b9f7cde0cf45f95","sha1":"eb1c8dd96109886e9c60c4c22435b60e612ed0c9","sha256":"33b90906f357f61e9be1c484047e82073fd4ee533ee9ce823f387b63426cb1db","sha512":"f2b71d31519d84024ba263ac5aa3befe789c21940b4dca661a33c532aac57197ca645f15bc6b1818403bea1a747b4d6fd6b3b61ab04fc525eeadff4ce32c1b0f","ssdeep":"192:SfJLEOuDfj17n8hiwf+Avh8Y+3rOIXuOXbNAWqJCyTyQoSeysnMY3C1AxJSIzpr+:SfwDfjOh9hI3yOsWQoJMD1AxJXpPhKD","tlshash":"2c82c8c9b9eab518932e7854343b68cbeb7e9cc930185d19d3d0d9e5b931304d422e1f","size":18880,"data":"","first_seen":"2026-01-18T21:41:22.277421Z","last_seen":"2026-01-18T21:41:22.277421Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/index_1.html","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:57.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /index_1.html HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:57 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=luJ6DWFaq9ut813FkDgXq39FZydUbelMe7Wdt4Hzdi7fmzPIH9GoHmYVHhW5BjQE1kJT1MOKF5TGUe2NqD2TTMG%2B%2ByAyDU9P2McuRs0A9hVdrzAs6K7CbA%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9c0140f0598456be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":408,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (408), with no line terminators","md5":"8a8b7e62710d21e30e70634977369ada","sha1":"9a74072f39167533862cfaca554ff48e4f860203","sha256":"9aaad00c216a7686ef1ce601884c0b298a1ee6d96237c62e4bb38cb34ccda5a2","sha512":"03f99764a5ff6c7e3c70def3bf4b26fdec7be2426b3166465c49f935d533c4a6501c6b331c330e0beb627f97b5a422b0150dea1ea8f897a48937fff5773e5600","ssdeep":"","tlshash":"71e0f1bf8c62c82959c1098d33ffd38c2400e4987832e54064e9dc15cd08fa7c803d86","first_seen":"2025-08-07T19:45:13.865763Z","last_seen":"2026-03-18T15:57:30.946795Z","times_seen":210,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/logo.jpg","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:57.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /logo.jpg HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 55450\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\netag: \"69620796-d89a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iu38Xk9qxk%2F8UVU7QLhpnBsPW6tLwywTiY8uB8jbWKuB9lRy7oQD4oITX5TJpFU3QiQlAJKMOPdzkZumTyO3PLsNjC6%2FXq50w1O8hOYg%2BXJJRm%2BPEknUpg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9c0140f0b98b56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55450,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET 5.1.8], baseline, precision 8, 400x400, components 3","md5":"2b5588c7bd8e8a05e6678216feaf0b7e","sha1":"9408e858c27fa895d832b5440a70550a3dbc31dc","sha256":"b34ed97f81760c326933b221d5f0b521720abe97a0c1ef14fa7ec57955b86e01","sha512":"037319ef3d3b6b5ca0bfd6e5f1aa89ebc37e08c4a52029b650b6038f30a29c3ef22945c9b36d03b69b1b40a6fed07d42ee79203b3ce983ea7af8058c697df657","ssdeep":"1536:Bjp84xzZji6/8KXFIwx7uzZUT1paqWCNAIF+JdQ:lpNzZjisVx7uzZUjGCN1aQ","tlshash":"b94302401e8e019eda7d917291f7d8cf08a99b11c5eeef8597358ee9b28e1810c8f159","first_seen":"2026-01-18T21:41:22.256658Z","last_seen":"2026-01-18T21:41:22.256658Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-18T21:40:55.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 18 Jan 2026 21:40:55 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s%2FfG%2BnIDoavkOtAiSf12gwK6O%2BAtMl03a8oC6J2shjimO%2FtwbZlYan7ghQ%2FMCJOVRK%2FhsIuqKqdZi0cPyGKoFUwKL%2FcASX%2FmKR0XWJYEDM3Q1qWhJrzfT%2BeF\"}]}\r\nage: 26259\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9c0140e90c588be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168962,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (26105)","md5":"192c9fddddc1e75741477a4e44399300","sha1":"c08ebfabf14e687b9eacfdbfa5efaf3841fdc0c7","sha256":"206e9c4634c683ac6d04b2d4df16a33ff9977ed526c5366c572fe4a7ccc7abe3","sha512":"29b4fc3b82feae3af7ad845b8d0d591036ab65ee5c23c477615bf0ebc8cc2ff676f27650cdcf0d2d512309b9079912feb10219392a7254cc3a99d5eceed56985","ssdeep":"1536:TYmd2naB9VjBRvb7zj9VciyxvxE4ZnhMcR239kPJdM9Nt3ZrPLaseUOdzuDO2:fqafNPy/hMT39kBMt35PLOg","tlshash":"c3f3c6155c1ca72f3333486febc2a43d6a8160ceea2295cf75deb0d8cb8752a5671d90","first_seen":"2026-01-18T21:41:22.259394Z","last_seen":"2026-01-18T21:41:22.259394Z","times_seen":1,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":64,"dns":46,"connect":1,"send":0,"wait":15,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/snowflakes.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:55.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /snowflakes.js HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:56 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\netag: W/\"69620796-999\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YMzKbqVb8eOzmpZhZZhWjZMemYOx%2Fm9nwnVTyiNxM6bEA8V65pJ%2BZPI2e7QKH%2BaTbMuRXIOCXDeEyiiKOGA6B%2B4PS06a9BLEBlnFQc9bNnc769SLgddCpw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c0140e9f8c556be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2457,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"4a492afe47e2af6e5f5cc87512db9b62","sha1":"47e1342d2e705c3fd5c917ac47d6c4ca6677ede2","sha256":"d63054d0d07b0e61e0f1e5a3ea8670fbe0f2eae377913603a043f03d1cb3252c","sha512":"4c14d1e90c11f74d16c28834f2ce68ee4acaee657f5d4bb7e7dc13def8018a5e540913481f757adb6d45187a306db0e7a4fd1a26f7dfa01253aa9f19053c56f9","ssdeep":"","tlshash":"08510d4860a23828157f631d7ad2988ce5302027be014d7ebeae42635f71c4cdc98dfd","first_seen":"2025-08-31T03:13:37.754782Z","last_seen":"2026-05-01T15:06:22.864567Z","times_seen":342,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":255,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/css2.css","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:55.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:56 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\netag: W/\"69620796-756\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uF%2FS8eEdQmBKa%2B5zHPXPWiTPTuI4jQ8b3Z2dWGqTiXIVn4sKzSJY%2B%2FYZhBPytyMfPttaCHxgJDBjcU2M1bPW8%2BRY1v66Rmyc5bEYJK2vp6rmYvLScBE9ew%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c0140e9f8c656be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1878,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"9062a655afcc97c2d427b10f735a8aea","sha1":"b22103ec1665985589e0be5b9f5e9686461dc12f","sha256":"66489ff17cd8cbe69f7dc79d660975d2910614eda742803f69181a0ecf3bc4bd","sha512":"ab721d03c97484fcb5cef9844c74968d7bb643c1ebee2eea3a2e8129f9366306f24d0b42e6889213aa56bd28047ad42645cbc4457fc3dc681dd8e7df4d4265eb","ssdeep":"","tlshash":"89419b414c3a5104a3d32ce263ce7d31cd4ef244b045ca34bffe1859ac4ad6563a4b5c","first_seen":"2025-08-07T19:45:13.885497Z","last_seen":"2026-05-01T15:06:22.858559Z","times_seen":359,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":211,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/f0438febff768476c4bd646204034239a5fc20d9.svg","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:56.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /f0438febff768476c4bd646204034239a5fc20d9.svg HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69620796-286\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MlMEv%2BkIcgqjvQRiFEbWCuMIc%2FNAF7GpHH4GNs8hD5XoETkNunw%2F%2BBZqBo063QFDN50SmzuMjdyhkt3jI3MShmou9ICp%2FM0v0HNnYIp68fWQJByh4Q1QIw%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9c0140e9f8c956be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":646,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bcb0acca5ca36852531960b5d63a86be","sha1":"f0438febff768476c4bd646204034239a5fc20d9","sha256":"3bd151eb77e3cc456935eb7decbc0984759fb4d00598088fef0e3632968140ff","sha512":"757a3b9e03791be66c6a21e54115ab9a1d29f41eb23809f8512ba13d899960b3eb91bbf4b2a4779329469199f4f0b5e3571aaa24bae2b1cbc3d03da540533d9a","ssdeep":"","tlshash":"7cf07bd366684368cd06c0cfb30fa810564770c9e25a5e9b924c0b2b958fbcf34425d8","first_seen":"2023-11-14T00:56:20Z","last_seen":"2026-06-02T16:59:59.330573Z","times_seen":358,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/chalk.debug.cjs.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:55.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /chalk.debug.cjs.js HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:56 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\netag: W/\"69620796-5d9c8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BeRnHtJOw7c8S2MxLtfe%2BEB9UfC9sTrD3bw7UGlfb4RgR5o4xCzpspZ5frRh97b0I6YeS52AQZXHKFBdgAtjJpSWhj2i2UN7%2BfLx8eKOfQGhsjBdoDPf2A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c0140e9f8c456be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":383432,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65159)","md5":"115cca56f22dad8f3e1956517a0a3a84","sha1":"02dbd6ff2ed10f2159bd1c0fa039eeb8b663f715","sha256":"aa1b7e7b77dc370b0eca7149611265361b31116457970df71dad699aca11e941","sha512":"5950e72270e3a7f7a65d2060eef224dd478eb6bef02d9f9ba28fd0491e876774abed7be9ca53c9ddf2b32a8a3ad2eebe1c7af2d6f3fdb30b2b450a4ded59b619","ssdeep":"6144:iIrlVADGcnIa+sTsksya6xaOYiVpo9mv6RjZit:iilaicnIa+sgksyXoOYiVpo9mv6RjZit","tlshash":"4b84646513fe19949e648166bdf7c38ba844873349fe8c2eb5c0ac09e4447e1a2dd37e","first_seen":"2026-01-18T21:41:22.267797Z","last_seen":"2026-01-18T21:41:22.267797Z","times_seen":1,"resource_available":true,"data":null}},"time_used":495,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":127,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/logo.jpg","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:55.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /logo.jpg HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 55450\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\netag: \"69620796-d89a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=scogYKv9PHTO9ctzbHjSOUx7NAxTowOmuN2yfB1Rl9edGqqm9izzbd2zemg1cW8YseZr78146pmoXWheB%2BmaTUsaBiDREdzBFStFHaqJxhu5L80xZ00FLg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9c0140e9f8c756be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55450,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET 5.1.8], baseline, precision 8, 400x400, components 3","md5":"2b5588c7bd8e8a05e6678216feaf0b7e","sha1":"9408e858c27fa895d832b5440a70550a3dbc31dc","sha256":"b34ed97f81760c326933b221d5f0b521720abe97a0c1ef14fa7ec57955b86e01","sha512":"037319ef3d3b6b5ca0bfd6e5f1aa89ebc37e08c4a52029b650b6038f30a29c3ef22945c9b36d03b69b1b40a6fed07d42ee79203b3ce983ea7af8058c697df657","ssdeep":"1536:Bjp84xzZji6/8KXFIwx7uzZUT1paqWCNAIF+JdQ:lpNzZjisVx7uzZUjGCN1aQ","tlshash":"b94302401e8e019eda7d917291f7d8cf08a99b11c5eeef8597358ee9b28e1810c8f159","first_seen":"2026-01-18T21:41:22.256658Z","last_seen":"2026-01-18T21:41:22.256658Z","times_seen":1,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/e56b52e48bc2824b9833e6b5e5470e1c6e04451f.svg","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:56.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /e56b52e48bc2824b9833e6b5e5470e1c6e04451f.svg HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69620796-3dc51\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YsBLq7H5cty2hLarzk5njIniyDTLD8mC%2FGks38xbGKwJUdrKECsH%2BlzKkeZwG%2FlXav20Eyg7BZu69CHMTgGEA00sCoTUqJj4ewuNJ5D5wwAmtty%2FMmSOyA%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9c0140e9f8cb56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":253009,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6af765d49f03a1d726a49e72ab2df3e1","sha1":"e56b52e48bc2824b9833e6b5e5470e1c6e04451f","sha256":"5785e2a1df6aee7333aed78b1c3163b915a6c88a26f9cdd42329c5082df4e79c","sha512":"b39a46f586125452b17d1289c554e73f746f5762b0e65fdc1a94420142da058d424a427246452088782f7dbcd5f8cb876f4606d9c741cbba0694b4db722365af","ssdeep":"768:pf+qNBs8IWBD9WW1m/ztiNEtoTdacD7WGZAdfFuulqGW3R4HjWmoN7CI1g8xOME5:u8IWBD9WGm/ztiNS","tlshash":"e1346c38c068f4d85229563da3a4dedb2403a75b6728ea4d4748a127fe0bc705a3d77f","first_seen":"2025-08-07T19:45:13.876916Z","last_seen":"2026-05-01T15:06:22.8605Z","times_seen":213,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":176,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/secureproxy?e=ping_proxy","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:56.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /secureproxy?e=ping_proxy HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://whitewhales-allocation.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:56 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: accept-encoding\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nlast-modified: Sun, 18 Jan 2026 21:40:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N2jwZqCsPyY8HNpPpSA0ctUl6ZhQPo577CjD4iu6zvYSpnyQE94QlCuUlCxkO3LETXVLWl3qQscli6wP471OeEYr9lXajb99w7sllp0uh4aov0RBHv79Jw%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9c0140ee996256be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"6fdb087aa3fbfbcb8287a593a0919e61","sha1":"0e514a0662bcb69dc863953d1ce26e3d40e81a87","sha256":"9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2","sha512":"be5457d14c930b51b47ab152850c1ceaafe6ef88c8671b48164abbc83410b0c07a1e178540f6cdeac5f2672cadb1d1cbbb3434b3e39bc2c50c4646a2bae57437","ssdeep":"","tlshash":"fe300000300000000000000c0000000000000000000000000000000000300000000000","first_seen":"2023-04-12T09:14:15Z","last_seen":"2026-06-08T13:09:33.777887Z","times_seen":8784,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":222,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/119246100adcd76322fde730b9f8859e.txt","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:57.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /119246100adcd76322fde730b9f8859e.txt HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:57 GMT\r\ncontent-type: text/plain\r\nvary: accept-encoding\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69620796-0\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FsNNHv8wYfhWJukDDmU9BfxpJrzH8KdRSoKAej3mAXRdFpO%2FNTgZFTSEHQAxyv98nT6VwtQ6OCqeq99r4na76LLDtwbPajC1Viq69XlurRatlq1RwlA08Q%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9c0140f0598556be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz//secureproxy?s=%2Fjmpd%2F","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:59.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"POST //secureproxy?s=%2Fjmpd%2F HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://whitewhales-allocation.xyz/\r\ncontent-type: application/json\r\nContent-Length: 2218\r\nOrigin: https://whitewhales-allocation.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2218,"data":"{\"route\":\"8XUwkBv9vhPYfVpD1fxb7EC65sUXJdqr\",\"payload\":\"3nrrArRyxommJgAsVvNzRvQ5LzaiE4fwZPBRirQ6d8Nyx7fsWWWjGTp53VYaqBYGBbtC55nUpCt9zqusNbcAg9UDPMx9A53TLB9mfobYNL6sVcBG6CnLjerrDvbP9BpZoPAqAjTLZLhJW1XNWtH74LGACAppmxgoMosmwG6PeomPYoXxhCbbKVKRUcn7T15xJHD4vzwyCXDPkNLyP2Za8YjUU7EWD77uZ5iSpnRtVxaBX4it8onXqTAWbL9mfiH9i7ahMFVuyNWmB5UfMsbGaoW3GXxDAqgpvn6eEiVLFSJDP6qEUSeDRmXYFb3EuTTUMk8vE4yHKtWoYd8GVLw624BeWDHipHNfKww1iLkzmf9bqUi8DXsHoCoduAJBbiwhH7pHs6vbv8YsvT6XPUUNscZAoLfTZeSux46fnPMC3JDw2wgpfPuanBky2NnUfcsh8kRhUvJRwmesnhkVGGkCfgovbzfWrHwr6PojoQKNbuuigaN6aeoQzqMZFFCmCdij3R6U5jqofc9XimSzYKdGxm4KABRX8EasSqhtwnzdgCDe42DTQLBVt2oZNyPNNdthGR5RZTzkqBt2B3bN4BrCAcMqCjCJ54RShvVvy8aKQZdbYNxJ47DFECMfdZwyUcU933spfbTG7569J8sATqGHA34CJ6j3ATG96XAYdEatVVU5L5HQefJZ3HxLbnYJ38Mcsnv2oERBVbvY41goA48WQWqoQJxc9r9Ew3ZJktJWyBfVVzP2nEzQsbbBCo1RCU8w61uDa4Sev85FMAgJKfz84tMmQUNXxqchuvskW5TXwx8EkkzRT6Yq32J7J2kS8XMPbMXudWZodXYYUwwPmoiXUNTsdxB82vGcQUJG9CeqmRdb8QGUKYz8dVk9HwgNzQPPPneLuFpW8cgaq5QvMd4DbTtG6s6y5KcUAwJnBxKRYM4b1dWXcyDRXWD2QEi7XbJbud99G65HauBAffMhGaWgMpPVcvQgdHw3iFdW1jfR1X2rKXiuHYpXMKub5REnGYeffZpEe3JYEuNpAidWydpeG652tcFvq2s5217QrHSzcXY62RxbzfuZTY1FuCdgNtpoJCtsUUYDS1rphyPyVucs2ps857DBxnSCHrfdFeUNpESBQvLMakUUyLYRwahEgepGpZ9TYDJSEQRhtz5yTTuKiWw1Dowfq6jKSDvAsnJRiG3o6vZiniQuucYgks5Vy7zErkosFfEdWrtyFXktRVcHjfNBPGgXnRfSyrsZiXWvC9Xicdd6eo7N5gpFiKsCnNwYgB3oXhTyDUYcp2TDo7FiYdcjXk144XNeYmqrvRCaHz1NCYfxV7Rk5g6otLDMg9L7hgSZMC8cQKjj3WrCqe1AdwpVkhVAa9yefHtbDML9H3pzF2HuQyQf4ScNa6821hHRoFRj8BeZkNu46PkqnRWLFN9VgWX5qPG55Q3c6BEtPN1CPDFjh6vPCPa9RN5JX6BTRrp3QMJcr1KGzcakWKjRBBgg1YjeTbDtMGaemCMdbCh1zkFvpz4c52KnAYuR5hexjMFbJ9UGgwLVK6BDbhZ7hLRCHpzjYorWjFfvmpn3aDg7hbFgZ647ht9CrAprZfbiARJ7QSgpRGA9VnGXmYEBiSjWK8aAeXztFnMUu2KJD26oUdKpj6BAtwwSnmtJSmr111SkwxEVxXdj9M37jzhwfA8EqrqN2KKV3g7BgE1PJu9edQmWD8ezY81yLnK1aRvvgbKuv78wj6hAAgf2bqLVqYyScVrgu6Pj2xy6i3kA9SFfN3wg13vxtY8ZiTbJZWqzR6jibGX3bWmyUDkbiu8gpYWsWwrMfQCRzGRiu2KWiUdhh9EGEwWRQ5sMRLj2ep2KYDmr75H94KbUrEVnx3ShyDrzvBmYu2baNQyCzYu2ieZTAsvF3KAPKFnTCSeL7W8M5cXMjte7nqrYe6YSvzJgBYkszMdh3DYgFGfprcMfpXACV4u8DGduLSSUN7oRmGFnaL1D6qMA4ngFjrLGaCjmDTRVJxp8hwJNXs61u5efCGKmYLuoMdMNUydrTr37pM4oGscXqo83NdLWbn5mqZ1SvB1ks7PEkom2VjtBP42BNdwgd2RCXjEp9E4A8Prp9MCMGbbLJUiAmRhL3hLV7oG16D9TJmUrPT1RVaShtJ5B4rfrJfY45\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:41:00 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: no-cache\r\netag: W/\"da-ARsD2HXRfglwl6c0lHkR9ZIS9aI\"\r\nx-ratelimit-limit: 10000\r\nx-ratelimit-remaining: 9999\r\nx-ratelimit-reset: 1768772520088\r\ncdn-proxyver: 1.43\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 01/18/2026 21:41:00\r\ncdn-edgestorageid: 879\r\ncdn-requestid: dea7e2464152b49fdbbea807f7840a67\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I%2FwjLzcAs%2FARL2X%2BdeoEu9fyMmagGW5L5UKh3ngzVFg9KSH4qOhxB2QLltVy3ShDPU4KyUpz3SpBZPgquuBegYLajqTvxjNAe%2Fklvu%2FUxU52cpWiRcdp9A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c014101fb8056be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":218,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"af19d2c15ff473ee3ce36c34aaa5625c","sha1":"011b03d875d17e097097a734947911f59212f5a2","sha256":"401e91fc6ef641ed4f7050167338463c33e834637adcea63353508660122c7a7","sha512":"92965a5a30d99374586a758a8ae3898a6ec8d830c1e017c2edd94c3d93f8456da8f93c6e49d5f1be6028afa780423da04dba5f16cadde79e89f9ce9c42b2cd46","ssdeep":"","tlshash":"03d0a7c0c70a8b212d9d15801588a5789554219f55b99236ce550129012a8989b5bb6d","first_seen":"2026-01-18T21:41:22.27328Z","last_seen":"2026-01-18T21:41:22.27328Z","times_seen":1,"resource_available":false,"data":null}},"time_used":639,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":638,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/main.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://whitewhales-allocation.xyz/index_1.html","date":"2026-01-18T21:40:57.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /main.js HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/index_1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:57 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\netag: W/\"69620796-1ef2\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=msLCsg6Z5egOaliCzNmOrCcBbL2SvE2a4mCNyxZ8Wy%2BHZBmIo4tepPVILsamVB3RkFlb0tJUR7xYG%2FwqOBatU2EpziZs9s8pLkT5LA66YP8kZaRTPUqT7w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c0140f22a3b56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7922,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7922), with no line terminators","md5":"1f216e5143a1d3a59abf6d0141053981","sha1":"260102aa3f4f88cd051e9d5ea84ffde2538fcc44","sha256":"2df1d83244ca5ef0c0e749d6854927d7317de9b4735ea08d2ba06e1c836dfdaf","sha512":"a8f43481669d4b6fc0deafca36801a539dca1f992f2d75a93f2cb59e6743051c8d9bc30283dce8039a6a4cd2e69a43b538e7c08ea898fe21ae75259e596d5ef8","ssdeep":"192:UjT5pwq3bv9M6b8/888vdB3uacRu7boDVvQPkfNVb:UjT5pT3bv9M6b8iFB7Mhv2cNVb","tlshash":"c4f1e8da7f82b54202726db7108f6ce3a09d9f6259204c5be160c4d8bb37344e0eeed6","first_seen":"2025-09-06T12:15:29.241549Z","last_seen":"2026-05-01T15:06:22.861257Z","times_seen":201,"resource_available":true,"data":null}},"time_used":240,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":239,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://whitewhales-allocation.xyz/index_1.html","date":"2026-01-18T21:40:57.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/index_1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 18 Jan 2026 21:40:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=d6z4VD61TPj%2BdRpZAbclLgab68HyaiPBKbgBW6Ewtv9ShRbK%2FZX6VQOMWVgO%2Bs8yViUMVKNZ5mHHuyuGsPZUHT%2BwKtQq4eJLEsFBBL%2FHokvlXSisUN1uMicufeyVgcyJe%2FNvDNpKX1jWZdbw6Q%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncf-ray: 9c0140f23a3c56be-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=1239\u0026min_rtt=0\u0026rtt_var=1185\u0026sent=257\u0026recv=81\u0026lost=0\u0026retrans=0\u0026sent_bytes=246521\u0026recv_bytes=7875\u0026delivery_rate=20079245\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=25204\u0026ss_exit_bw=5467833\u0026ss_exit_reason=2\u0026cwnd=22594\u0026unsent_bytes=0\u0026cid=11372513bbde2b1d\u0026ts=1459\u0026inflight_dur=181\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18880,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (18880), with no line terminators","md5":"99d3dc0c9cc7edfa4b9f7cde0cf45f95","sha1":"eb1c8dd96109886e9c60c4c22435b60e612ed0c9","sha256":"33b90906f357f61e9be1c484047e82073fd4ee533ee9ce823f387b63426cb1db","sha512":"f2b71d31519d84024ba263ac5aa3befe789c21940b4dca661a33c532aac57197ca645f15bc6b1818403bea1a747b4d6fd6b3b61ab04fc525eeadff4ce32c1b0f","ssdeep":"192:SfJLEOuDfj17n8hiwf+Avh8Y+3rOIXuOXbNAWqJCyTyQoSeysnMY3C1AxJSIzpr+:SfwDfjOh9hI3yOsWQoJMD1AxJXpPhKD","tlshash":"2c82c8c9b9eab518932e7854343b68cbeb7e9cc930185d19d3d0d9e5b931304d422e1f","first_seen":"2026-01-18T21:41:22.277421Z","last_seen":"2026-01-18T21:41:22.277421Z","times_seen":1,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/secureproxy?s=%2F%40v1%2Fcdn%2Fjs%2Fchance.dark.umd.js%3Ft%3D29479540%26u%3DCcnZwhA8SXAIRTcUGDY5MjU2NDNjMjhjZmYzYzM0MDI3YTQ2OU0-eqDhiGhGMPn5vg","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:57.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /secureproxy?s=%2F%40v1%2Fcdn%2Fjs%2Fchance.dark.umd.js%3Ft%3D29479540%26u%3DCcnZwhA8SXAIRTcUGDY5MjU2NDNjMjhjZmYzYzM0MDI3YTQ2OU0-eqDhiGhGMPn5vg HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:58 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\nvary: Accept-Encoding\r\ncache-control: max-age=2592000, must-revalidate\r\netag: W/\"a0502-14+i6Bt7XM8ofHk8WpmFyqoPYWI\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=chance.dark.umd.js\r\ncdn-proxyver: 1.43\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 01/18/2026 21:40:58\r\ncdn-edgestorageid: 883\r\ncdn-requestid: ce5985e695b704d402e7a24ec68ca52f\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4NUxIezer5SxOSrC%2BN7SxvuKYPz3Zv6MHJwFR9gQ51avZ21lcbnvrohnN5o5zeVwh832qJfr3DjiwDAv1Q%2Fz%2FHP9dyy12XKdFk6EYtlL5GXEY38Zvmd%2FFw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c0140f4ba7956be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":656642,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"96c2ff1601099c21c598c24e6f43c7c4","sha1":"d78fa2e81b7b5ccf287c793c5a9985caaa0f6162","sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91","sha512":"d7df68372670f0173ac5dc3c54ee38f13b29703dde9f71ec74827b535735e99b2b253e07960d66d8c3230f13cf29f20aa0f083db014cee0710379ffab68932be","ssdeep":"6144:0ujB8gltIeTM5/S8g6zRh5gDVLU2GIt/KJAsJRrydM147u/lhDlEqH96lm:vhltVM/g61sNUWsSdG7R","tlshash":"1ed438c2821814f684eb0ab6d133a21fdb4cce9dc69f2d20bfe55c9553c87a292f655c","first_seen":"2026-01-02T13:08:19.247086Z","last_seen":"2026-06-08T13:18:27.600009Z","times_seen":2556,"resource_available":true,"data":null}},"time_used":627,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":446,"receive":181,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/particles.min.js","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:56.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /particles.min.js HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:56 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\netag: W/\"69620796-5b44\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 267687\r\npriority: u=3,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hnBe08ZXjNJmafL%2BIpISBitBybVsiom99eHYqkf7yN%2F194PGvcT0psxTdDqNpCN0ErrUYUQ46N9RkzB3GWBOMHdmjIXuu1iL23HSvougYvE8TqZR1lmdYQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c0140e9f8c856be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23364,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (23002)","md5":"00debcf6cf0789a19cee2278011afcd4","sha1":"8017f8b1869077db728573f1ca4684a00af69462","sha256":"faee7815a5fd27e938d1e01c8392b66332024908eb118048f608eee671371df6","sha512":"29e7f9b1cee07d369c47b4d929e95cad1b35e62a5fefeb7e9fb661ea628d25b996fbf4517425bd9f07cb9f8617d2cda73ba2afe58d8286a8086a4682e8f5b4f4","ssdeep":"384:NkfJtGvWjT6uYvqhCz8wSEHESxtVAFPQcYpeib+9rOEKXWd/:NC7T6uYvn8wRxwyryVOEKXW5","tlshash":"61a2934d23f73e77378ab2e09be9d122c774a4d1399b04b0f93c667da52549201ee7a0","first_seen":"2023-03-07T01:16:44Z","last_seen":"2026-06-08T19:07:39.702783Z","times_seen":5016,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whitewhales-allocation.xyz/f9fa0444b908def7e2cacce9c162c39a60167a27.svg","fqdn":"whitewhales-allocation.xyz","domain":"whitewhales-allocation.xyz","tld":"xyz"},"ip":{"addr":"172.67.175.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whitewhales-allocation.xyz/","date":"2026-01-18T21:40:56.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whitewhales-allocation.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 07:22:14 GMT","end":"Fri, 10 Apr 2026 08:20:45 GMT"},"fingerprint":{"sha1":"64:65:5E:67:E8:B4:DC:0B:E1:30:10:8D:71:CC:77:1C:4D:91:B5:BB","sha256":"44:C9:8A:EB:FC:1A:A0:8C:7A:0B:16:C7:9F:43:54:56:83:6C:FE:6B:F0:6B:61:F6:F9:05:FD:4B:50:3C:02:BB"}}},"request":{"raw":"GET /f9fa0444b908def7e2cacce9c162c39a60167a27.svg HTTP/1.1\r\nHost: whitewhales-allocation.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whitewhales-allocation.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 18 Jan 2026 21:40:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\ncast-mode: default\r\nlast-modified: Sat, 10 Jan 2026 08:02:30 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69620796-1a6\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5pEM%2BMgQV7YBYEUgYILMa78G7lsBDwM85Mbxf7qPbQPGE%2BhtaFXfOfj8J0xZGlADJfUNLquWKt%2BZqGJ8lcivBCBaHwxO5J9G0fek4MtprVXi7tAzdGpszw%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9c0140e9f8ca56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":422,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9e47aa80842b4d43a41898ac56baa984","sha1":"f9fa0444b908def7e2cacce9c162c39a60167a27","sha256":"e94f4ec3d5f854f7281c9c36eeff5313fe0b739a16c7f2b6336eea87f1c013d3","sha512":"be8707bd09706a2691cd3f855f1fdd9f5bc3c4b49c87c876b7da2dc97b611ef52ced2b5290afdc1bd9efd378e42d60daf38deca85f0c955a228dbb2f27daedd1","ssdeep":"","tlshash":"6ee02395523ed45d6403d94dfe2934d15856b1e9b3084ff9e354533c9cd09ff3441164","first_seen":"2023-06-14T18:42:25Z","last_seen":"2026-06-02T16:59:59.322744Z","times_seen":357,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"whitewhales-allocation.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}