{"report_id":"91cc1aa4-5afb-4b08-8d19-85c4afc5807e","version":6,"status":"done","tags":[],"date":"2026-03-18T15:49:50Z","url":{"schema":"https","addr":"warz-rewards.xyz/","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"warz-rewards.xyz/","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"title":"$WAR DISTRIBUTION","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"warz-rewards.xyz/","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-22T15:49:50Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"warz-rewards.xyz","ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-15","domain_rank":0,"first_seen":"2026-03-18T15:49:51.022447Z","last_seen":"2026-03-18T15:49:51.022447Z","alert_count":9,"request_count":9,"received_data":852121,"sent_data":4206,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"warz-rewards.xyz/snowflakes.js","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a492afe47e2af6e5f5cc87512db9b62","sha1":"47e1342d2e705c3fd5c917ac47d6c4ca6677ede2","sha256":"d63054d0d07b0e61e0f1e5a3ea8670fbe0f2eae377913603a043f03d1cb3252c","sha512":"4c14d1e90c11f74d16c28834f2ce68ee4acaee657f5d4bb7e7dc13def8018a5e540913481f757adb6d45187a306db0e7a4fd1a26f7dfa01253aa9f19053c56f9","ssdeep":"","tlshash":"08510d4860a23828157f631d7ad2988ce5302027be014d7ebeae42635f71c4cdc98dfd","size":2457,"data":"","first_seen":"2025-08-31T03:13:37.754782Z","last_seen":"2026-05-01T15:06:22.864567Z","times_seen":342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"78532b1c534a7f4e336074481c2ffd05","sha1":"a0fc3ac6ee1e58883121400a9e913c7198ac206b","sha256":"b04ac3f11d41293527181958275ebec38e2ca9aa8f4bf269ebd86f8dcbbcf868","sha512":"004ad8432c4c006d9f694fbc960d84a7f15f25ca50a53ed05b9f0f006ee923e559db825b67dc0709eb1ae624bde889fbcf85d0b311c4961bfd77785deaa226dc","ssdeep":"","tlshash":"68c02290c5e88920853c009a203023a870a0181d080262daf7bc484a2b8cfc04a44d22","size":194,"data":"","first_seen":"2026-03-05T19:57:45.158623Z","last_seen":"2026-03-18T15:51:32.25777Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/particles.min.js","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"00debcf6cf0789a19cee2278011afcd4","sha1":"8017f8b1869077db728573f1ca4684a00af69462","sha256":"faee7815a5fd27e938d1e01c8392b66332024908eb118048f608eee671371df6","sha512":"29e7f9b1cee07d369c47b4d929e95cad1b35e62a5fefeb7e9fb661ea628d25b996fbf4517425bd9f07cb9f8617d2cda73ba2afe58d8286a8086a4682e8f5b4f4","ssdeep":"384:NkfJtGvWjT6uYvqhCz8wSEHESxtVAFPQcYpeib+9rOEKXWd/:NC7T6uYvn8wRxwyryVOEKXW5","tlshash":"61a2934d23f73e77378ab2e09be9d122c774a4d1399b04b0f93c667da52549201ee7a0","size":23364,"data":"","first_seen":"2023-03-07T01:16:44Z","last_seen":"2026-06-13T15:22:40.998432Z","times_seen":5060,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"adb5accbf3eea1a9809fe2f31a17dc51","sha1":"b5dd2e8dd5de9825a940e9b3cac200a1a3b022ac","sha256":"74f41e9217fdfb6538bad20759a5185689b15ad82280de27abe2dfc2b3c034b0","sha512":"01774b850246e42054968343c0726b2f1d81c0542a03f7cf26952862207dc1517e01bd321ce411cbbb8342b1a41c6191076139e4d6ec8a058ae1753a4c36cbeb","ssdeep":"","tlshash":"dc71282ce9b41cb3104ab07908be5247b570955b0d2a3d35bd4c829c5f0ee6e61be7e9","size":3587,"data":"","first_seen":"2024-08-19T21:41:20.669609Z","last_seen":"2026-05-06T23:47:35.269243Z","times_seen":366,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/secureproxy?s=%2Fipfs%2FVVjQVxihpgY5q4qgzIMO-Acaeb38ecc9fd2130287300cddd2934fb%3Ft%3D1773848968771","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a001fcceba753994e0d1684535c9bec4","sha1":"e0f766a2ac2d8adf4bf0d4df4415cca8b1eeb3de","sha256":"b013b4701e79a42f6426b8a82ab7e3ec7ab17082461ca2c1dad3ea625020e64a","sha512":"9d93f431665cdb1e1f00ca94cf08b4c96a2da0963af89016c94f28c9718b9382533f4b99711c6b3cd56fd59e768c2d362c8d1408544b509f7d52ea376804ecde","ssdeep":"6144:qh5gDc6Euno4xvlISDhTl0WHvfUp+v+9J87XGQOwOyyGpMy:qscZunzvlzSWP8p0Q+Bz","tlshash":"42d499c08b4c357364802aea15fb446fdfdc0de82e4be8536bd098b5e379b8351e5998","size":634355,"data":"","first_seen":"2026-03-18T15:49:54.035076Z","last_seen":"2026-03-18T15:49:54.035076Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"warz-rewards.xyz/logo.jpg","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://warz-rewards.xyz/","date":"2026-03-18T15:49:29.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"warz-rewards.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 13:37:03 GMT","end":"Sat, 13 Jun 2026 13:37:02 GMT"},"fingerprint":{"sha1":"F6:07:75:62:9A:54:4C:D2:4A:71:EF:4C:F8:F4:66:F9:A3:57:CB:E3","sha256":"E5:FA:D5:C0:5E:DC:BC:59:FB:23:66:F7:DE:84:09:D6:D3:E6:BA:1F:D5:E9:B3:29:65:61:47:BE:23:0E:19:ED"}}},"request":{"raw":"GET /logo.jpg HTTP/1.1\r\nHost: warz-rewards.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://warz-rewards.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:49:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 39725\r\ncast-mode: default\r\nlast-modified: Sun, 15 Mar 2026 13:56:11 GMT\r\netag: \"69b6ba7b-9b2d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 260654\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9pV8h0OnfiMcKUVv5D9kCv2TFo4vUnQNi5%2BWzP0dbqg4bcD3LU3LmutmLSssr7BE%2BfbRUGoENA08Nj9hT6XCrvElUyCh6n0aa7FZ3pDmYLY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: 9de5633a1f2076a9-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39725,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.3], baseline, precision 8, 400x400, components 3","md5":"7a66e579af8623ae7cc4a6bbb2ece75e","sha1":"e574a7498a1a9cb8ee036fa4821f36ec178f931f","sha256":"ecf3e1ea2a07a4556adae13a88cc6a0c7f73b199bdf5bc00a48f6f93a94b7c3e","sha512":"33355013e62985ac86c02faa6ed7d1b72e4018ce8284cfc530a8b45ee101a9ea6180b4cd51fef81d7cc671f60e2af0f333264c1c41c926a2173fa99643cfb8b7","ssdeep":"768:fBcwCmMSjIR7JoIhggGvdA1KaRWVpH8pyKqbA0nQ4:fBFCqjg6IufvdfjHgscB4","tlshash":"d003f152d6062b57ea6ec33ad045d80cc3043f17e5bca64ff644461ef5f8caa75802ae","first_seen":"2026-02-13T17:37:29.70135Z","last_seen":"2026-03-18T15:51:32.238863Z","times_seen":7,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/particles.min.js","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://warz-rewards.xyz/","date":"2026-03-18T15:49:28.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"warz-rewards.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 13:37:03 GMT","end":"Sat, 13 Jun 2026 13:37:02 GMT"},"fingerprint":{"sha1":"F6:07:75:62:9A:54:4C:D2:4A:71:EF:4C:F8:F4:66:F9:A3:57:CB:E3","sha256":"E5:FA:D5:C0:5E:DC:BC:59:FB:23:66:F7:DE:84:09:D6:D3:E6:BA:1F:D5:E9:B3:29:65:61:47:BE:23:0E:19:ED"}}},"request":{"raw":"GET /particles.min.js HTTP/1.1\r\nHost: warz-rewards.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://warz-rewards.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:49:28 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Sun, 15 Mar 2026 13:56:11 GMT\r\netag: W/\"69b6ba7b-5b44\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 233805\r\npriority: u=3,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UFKb5lW6GjOXCGrHOPAhSgZJN1lzvZg9ATnZIZM%2FKDZ18bk5x0ni2YjDSsk14j8ir2UXbyfAzB2rntM3oUQV7iOTJc%2Fqd%2FK35pjWBsljwYU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9de563368e6e76a9-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23364,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (23002)","md5":"00debcf6cf0789a19cee2278011afcd4","sha1":"8017f8b1869077db728573f1ca4684a00af69462","sha256":"faee7815a5fd27e938d1e01c8392b66332024908eb118048f608eee671371df6","sha512":"29e7f9b1cee07d369c47b4d929e95cad1b35e62a5fefeb7e9fb661ea628d25b996fbf4517425bd9f07cb9f8617d2cda73ba2afe58d8286a8086a4682e8f5b4f4","ssdeep":"384:NkfJtGvWjT6uYvqhCz8wSEHESxtVAFPQcYpeib+9rOEKXWd/:NC7T6uYvn8wRxwyryVOEKXW5","tlshash":"61a2934d23f73e77378ab2e09be9d122c774a4d1399b04b0f93c667da52549201ee7a0","first_seen":"2023-03-07T01:16:44Z","last_seen":"2026-06-13T15:22:40.998432Z","times_seen":5060,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/secureproxy?s=%2Fipfs%2FVVjQVxihpgY5q4qgzIMO-Acaeb38ecc9fd2130287300cddd2934fb%3Ft%3D1773848968771","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://warz-rewards.xyz/","date":"2026-03-18T15:49:28.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"warz-rewards.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 13:37:03 GMT","end":"Sat, 13 Jun 2026 13:37:02 GMT"},"fingerprint":{"sha1":"F6:07:75:62:9A:54:4C:D2:4A:71:EF:4C:F8:F4:66:F9:A3:57:CB:E3","sha256":"E5:FA:D5:C0:5E:DC:BC:59:FB:23:66:F7:DE:84:09:D6:D3:E6:BA:1F:D5:E9:B3:29:65:61:47:BE:23:0E:19:ED"}}},"request":{"raw":"GET /secureproxy?s=%2Fipfs%2FVVjQVxihpgY5q4qgzIMO-Acaeb38ecc9fd2130287300cddd2934fb%3Ft%3D1773848968771 HTTP/1.1\r\nHost: warz-rewards.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://warz-rewards.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:49:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: max-age=2592000\r\netag: W/\"9adf3-4Pdmoqwtit9L8NTfRBXMqLHus94\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=ymg5Ex7JTOs6v2QFDVC5-g.js\r\ncdn-proxyver: 1.47\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 03/18/2026 15:49:29\r\ncdn-edgestorageid: 883\r\ncdn-requestid: 989562dec6fbf2ae1a295083c2d69a94\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sEYvszeXCt4P5TEgkmJN3Xm0JtnhGO6LHKP%2FDsxkM7szoYbzE5BGhMo2oKvGSANWEaUrHBl8jE7kIC2xh7tRGRl%2FyXbSvpwGKVEiZYeBvj4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de563374e9d76a9-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":634355,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"a001fcceba753994e0d1684535c9bec4","sha1":"e0f766a2ac2d8adf4bf0d4df4415cca8b1eeb3de","sha256":"b013b4701e79a42f6426b8a82ab7e3ec7ab17082461ca2c1dad3ea625020e64a","sha512":"9d93f431665cdb1e1f00ca94cf08b4c96a2da0963af89016c94f28c9718b9382533f4b99711c6b3cd56fd59e768c2d362c8d1408544b509f7d52ea376804ecde","ssdeep":"6144:qh5gDc6Euno4xvlISDhTl0WHvfUp+v+9J87XGQOwOyyGpMy:qscZunzvlzSWP8p0Q+Bz","tlshash":"42d499c08b4c357364802aea15fb446fdfdc0de82e4be8536bd098b5e379b8351e5998","first_seen":"2026-03-18T15:49:54.035076Z","last_seen":"2026-03-18T15:49:54.035076Z","times_seen":1,"resource_available":true,"data":null}},"time_used":899,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":818,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/119246100adcd76322fde730b9f8859e.txt","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://warz-rewards.xyz/","date":"2026-03-18T15:49:29.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"warz-rewards.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 13:37:03 GMT","end":"Sat, 13 Jun 2026 13:37:02 GMT"},"fingerprint":{"sha1":"F6:07:75:62:9A:54:4C:D2:4A:71:EF:4C:F8:F4:66:F9:A3:57:CB:E3","sha256":"E5:FA:D5:C0:5E:DC:BC:59:FB:23:66:F7:DE:84:09:D6:D3:E6:BA:1F:D5:E9:B3:29:65:61:47:BE:23:0E:19:ED"}}},"request":{"raw":"GET /119246100adcd76322fde730b9f8859e.txt HTTP/1.1\r\nHost: warz-rewards.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://warz-rewards.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:49:29 GMT\r\ncontent-type: text/plain\r\ncontent-length: 0\r\ncast-mode: default\r\nlast-modified: Sun, 15 Mar 2026 13:56:11 GMT\r\netag: \"69b6ba7b-0\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\naccept-ranges: bytes\r\nage: 233805\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wLbF0lHczzMLkbdvSfGMrqXWeHBhQxldY8w%2Fk3z2XceYIIrXZco%2FTq2du33ZyS6Zql6yOPF%2F%2Fs7Ap52%2FO9rvMNYLw9basT4f4wtZmKdWA7Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9de563392ef376a9-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/secureproxy?s=%2Fjmpd%2F","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://warz-rewards.xyz/","date":"2026-03-18T15:49:31.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"warz-rewards.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 13:37:03 GMT","end":"Sat, 13 Jun 2026 13:37:02 GMT"},"fingerprint":{"sha1":"F6:07:75:62:9A:54:4C:D2:4A:71:EF:4C:F8:F4:66:F9:A3:57:CB:E3","sha256":"E5:FA:D5:C0:5E:DC:BC:59:FB:23:66:F7:DE:84:09:D6:D3:E6:BA:1F:D5:E9:B3:29:65:61:47:BE:23:0E:19:ED"}}},"request":{"raw":"POST /secureproxy?s=%2Fjmpd%2F HTTP/1.1\r\nHost: warz-rewards.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://warz-rewards.xyz/\r\ncontent-type: application/json\r\nContent-Length: 1466\r\nOrigin: https://warz-rewards.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1466,"data":"{\"route\":\"n9POyFeFG1tUtiSU-z9JOx3n\",\"payload\":\"0hqM-6_N52QBAgPCAiYAEgDUArACKwAtAy4AAgEAUwMAAO8nhn2XtsKCAWuuh3RY6AR-WCJbo2cCAABgpHbvEeg_2lgTGhyBO5nWAPVZjzQcw1jaZY0u_uJJlcAu872t2LgnIuNTOujT0XT2uzQIEgMwc0N-l4yZuWovulKmapSrHlx_tBKt01RKVzBZDfkXlnR5UHikEdecak4B4X1t34q5_4s4ia-Mg8I3O3vYYCxiBn-HLqaybZa6iBA2KOkhKI1TGix63xYXdI8Rk7lOwUpUPIozf-LmIjX9NgGfUku5IKTIB_cAa6hIxJ7SjmjaBkq6AB5-wHzmx70BllrWrQQDxDG62peVeBjWrYBCwYwj1FdeHR33DqFFW7CrKq2YS--NT9hT_aVjO1gQBH-gSttIYNoBwjbEMZz1OvELOkrHx0mmLteb5zqa-wsQDvdQ25KeBKeGLYQo8sKDAUZnPUkRTLvreQ6QUUFT7130xPA9WhFFNIpgl3pBuXXqD6PqVNOxE1T4S1evsg6gXSHSLIs69eo1ueigLDaaDeaJpzte7nBMHahSn4jM2KkRkmnROCaDjaYbwucV5f5v8VqPOc9ZD8G0miE3Fw92nqeReJYSU-Pb_OsxAGict9f1u0kMagNQpVDB6RKnJRGRHYU_fmmjspbc4a20N0qaHlEhGlMlezyMdvmE1y2eLw7JgX5BR_SCK6Dh5_9lUzBc118H3dZjb8ZxEw2PZe8w7E3VykONRTM67F4HVc2jutQPZ7wYHU8VGmqBpzLFq0MgoYJukp9zZiZHZyWmZWqtku2h2371rRMndR_W-kNGBrRYpX2MhDs3gTqc9e094zQhLiWPLZWOEffoGhV-fe1ENwhOUFHMeSHfQot-webDfViBOVJ2fCxNgzEEF4aS28KiXFTmx5f9EkP4P_6jS3xVRUwjlxrfu7IBwtESciWYecyniw9c8A_WdTUGq9DXg553EprD5UrpmYKV2xyA6zoecrHRWT82yBjf8ydW5lYO5ij6MC52CsV5NxDLkNADdG6DpuesAHWxydp5xF4oXJAUOngYh5JPAYCU0_jcozZfSJI6lKjkCPve_sdOHS4aAlwiCIGkOfTuxvT284yixbFlrncLgFLmOLkVjv50v3w90omVKZNl5mZdoarW1b6t8Vo4fvcWZ1KLfcR5PVMRj6m0WEkElIgFV0_dDEpP0do5-nJcEhJFjmiN-WIT6MDAaonOegUc8Iefz5r0EA\",\"challenge\":\"eyJpZCI6Ik9WM2kyc2tjVmY4cXBVQXpYdDR3dUEiLCJub25jZSI6NDQsImhhc2giOiIwMDQ5MDVhODkxZjM5NmVlMzA1NWQwYjBkMThkOGY3NzQ0NTA1OWNjZmI3OGZmZTU5N2QxMzBlYzAwNzg0Mjg2In0=\"}"}},"response":{"raw":"HTTP/3 204 No Content\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:49:32 GMT\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: no-cache\r\netag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nx-ratelimit-limit: 10000\r\nx-ratelimit-remaining: 9997\r\nx-ratelimit-reset: 1773849031565\r\ncdn-proxyver: 1.47\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 204\r\ncdn-cachedat: 03/18/2026 15:49:32\r\ncdn-edgestorageid: 883\r\ncdn-requestid: 482fd7c3a0288889d77a48a621bf1840\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l0fz1Rb2bDtIRZ0cAbSrYMNTJ2hkGelMna0Yv6KfkawxndCzsbmXi6K%2B5Ra9qZ5S8JzijX1s5vSorMA4G3rapMkjZeLwvl3WZsTq7C0hCXg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de563473a4576a9-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":790,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":790,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-18T15:49:28.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"warz-rewards.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 13:37:03 GMT","end":"Sat, 13 Jun 2026 13:37:02 GMT"},"fingerprint":{"sha1":"F6:07:75:62:9A:54:4C:D2:4A:71:EF:4C:F8:F4:66:F9:A3:57:CB:E3","sha256":"E5:FA:D5:C0:5E:DC:BC:59:FB:23:66:F7:DE:84:09:D6:D3:E6:BA:1F:D5:E9:B3:29:65:61:47:BE:23:0E:19:ED"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: warz-rewards.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 18 Mar 2026 15:49:28 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Sun, 15 Mar 2026 13:56:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X7yExSenBDL18dkKubL7OeShPEqm5ZUu0haob40LRn5Si%2BfI%2FTvgJzFfbFfRiG%2B19ilexdhAxpxwVlbyt%2F9kLRBOZXoXEe3GK1zd0gkEyuM%3D\"}]}\r\nage: 260374\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9de563351f56958c-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":101291,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (62253)","md5":"96e926cb78e973e713a0f11459e9ea48","sha1":"0864d8f4b879dc2048ef88d93a674de2a126c751","sha256":"66e281038c00a3ae199b404c4a0e6c4d908118429ee707c56757408d69825fbf","sha512":"8b576572ef38a68fdd6aca0030ac08e9b2844d3bedec220059b285702e37e149f12890f925c24b4460a7e66c7e7ba16694db8efeb8664ab3a4261011db0e1e78","ssdeep":"1536:kgljBRvb7zj9Vc4yxvxE4ZJhMcR239kPJdM9Nt3ZrPLaZYb:D9PA/jMT39kBMt35PLD","tlshash":"a2a3706a4c5cab4e33321c2ecf13243e6e8665eeb60995df388f74ecc7664149665ce0","first_seen":"2026-03-05T19:57:45.156411Z","last_seen":"2026-03-18T15:51:32.234748Z","times_seen":6,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":120,"dns":94,"connect":8,"send":0,"wait":24,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/snowflakes.js","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://warz-rewards.xyz/","date":"2026-03-18T15:49:28.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"warz-rewards.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 13:37:03 GMT","end":"Sat, 13 Jun 2026 13:37:02 GMT"},"fingerprint":{"sha1":"F6:07:75:62:9A:54:4C:D2:4A:71:EF:4C:F8:F4:66:F9:A3:57:CB:E3","sha256":"E5:FA:D5:C0:5E:DC:BC:59:FB:23:66:F7:DE:84:09:D6:D3:E6:BA:1F:D5:E9:B3:29:65:61:47:BE:23:0E:19:ED"}}},"request":{"raw":"GET /snowflakes.js HTTP/1.1\r\nHost: warz-rewards.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://warz-rewards.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:49:28 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Sun, 15 Mar 2026 13:56:11 GMT\r\netag: W/\"69b6ba7b-999\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 233805\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1OyeRtrXdvdxV6WxLv2lw2pRwy7olQ0BUeogunSZmTNaBr292b1rms%2BPgZrhY6PvpzzucrUnEOS9YpeCO5jlEkfaR2jZ2tgxyw2gmagyoYo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9de563368e6a76a9-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2457,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"4a492afe47e2af6e5f5cc87512db9b62","sha1":"47e1342d2e705c3fd5c917ac47d6c4ca6677ede2","sha256":"d63054d0d07b0e61e0f1e5a3ea8670fbe0f2eae377913603a043f03d1cb3252c","sha512":"4c14d1e90c11f74d16c28834f2ce68ee4acaee657f5d4bb7e7dc13def8018a5e540913481f757adb6d45187a306db0e7a4fd1a26f7dfa01253aa9f19053c56f9","ssdeep":"","tlshash":"08510d4860a23828157f631d7ad2988ce5302027be014d7ebeae42635f71c4cdc98dfd","first_seen":"2025-08-31T03:13:37.754782Z","last_seen":"2026-05-01T15:06:22.864567Z","times_seen":342,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/css2.css","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://warz-rewards.xyz/","date":"2026-03-18T15:49:28.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"warz-rewards.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 13:37:03 GMT","end":"Sat, 13 Jun 2026 13:37:02 GMT"},"fingerprint":{"sha1":"F6:07:75:62:9A:54:4C:D2:4A:71:EF:4C:F8:F4:66:F9:A3:57:CB:E3","sha256":"E5:FA:D5:C0:5E:DC:BC:59:FB:23:66:F7:DE:84:09:D6:D3:E6:BA:1F:D5:E9:B3:29:65:61:47:BE:23:0E:19:ED"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: warz-rewards.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://warz-rewards.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:49:28 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Sun, 15 Mar 2026 13:56:11 GMT\r\netag: W/\"69b6ba7b-756\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 233805\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IKFjwDyNyoGuZQS4HYMADulaktttPMbA7HjlNb07UHSKIBvLFAXi0DUnJX5gxNyT036IJAt40SHOfohy%2BXN2uPrGkk%2FDKkK%2BBgqbgAskyH0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9de563368e6b76a9-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1878,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"9062a655afcc97c2d427b10f735a8aea","sha1":"b22103ec1665985589e0be5b9f5e9686461dc12f","sha256":"66489ff17cd8cbe69f7dc79d660975d2910614eda742803f69181a0ecf3bc4bd","sha512":"ab721d03c97484fcb5cef9844c74968d7bb643c1ebee2eea3a2e8129f9366306f24d0b42e6889213aa56bd28047ad42645cbc4457fc3dc681dd8e7df4d4265eb","ssdeep":"","tlshash":"89419b414c3a5104a3d32ce263ce7d31cd4ef244b045ca34bffe1859ac4ad6563a4b5c","first_seen":"2025-08-07T19:45:13.885497Z","last_seen":"2026-05-01T15:06:22.858559Z","times_seen":359,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"warz-rewards.xyz/logo.jpg","fqdn":"warz-rewards.xyz","domain":"warz-rewards.xyz","tld":"xyz"},"ip":{"addr":"104.21.85.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://warz-rewards.xyz/","date":"2026-03-18T15:49:28.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"warz-rewards.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 13:37:03 GMT","end":"Sat, 13 Jun 2026 13:37:02 GMT"},"fingerprint":{"sha1":"F6:07:75:62:9A:54:4C:D2:4A:71:EF:4C:F8:F4:66:F9:A3:57:CB:E3","sha256":"E5:FA:D5:C0:5E:DC:BC:59:FB:23:66:F7:DE:84:09:D6:D3:E6:BA:1F:D5:E9:B3:29:65:61:47:BE:23:0E:19:ED"}}},"request":{"raw":"GET /logo.jpg HTTP/1.1\r\nHost: warz-rewards.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://warz-rewards.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:49:28 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 39725\r\ncast-mode: default\r\nlast-modified: Sun, 15 Mar 2026 13:56:11 GMT\r\netag: \"69b6ba7b-9b2d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 260653\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V5b%2F7RAov3C8O%2BkYPYZNxheomo4kt5PREJfHwJUZNEENNoZ%2B7iUAOB7DA1r6CBtQW3DHc3nB3HQ0LRChEeMVXg3xZi%2FFRFeqaVkPVCsPBEg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9de563368e6c76a9-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39725,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.3], baseline, precision 8, 400x400, components 3","md5":"7a66e579af8623ae7cc4a6bbb2ece75e","sha1":"e574a7498a1a9cb8ee036fa4821f36ec178f931f","sha256":"ecf3e1ea2a07a4556adae13a88cc6a0c7f73b199bdf5bc00a48f6f93a94b7c3e","sha512":"33355013e62985ac86c02faa6ed7d1b72e4018ce8284cfc530a8b45ee101a9ea6180b4cd51fef81d7cc671f60e2af0f333264c1c41c926a2173fa99643cfb8b7","ssdeep":"768:fBcwCmMSjIR7JoIhggGvdA1KaRWVpH8pyKqbA0nQ4:fBFCqjg6IufvdfjHgscB4","tlshash":"d003f152d6062b57ea6ec33ad045d80cc3043f17e5bca64ff644461ef5f8caa75802ae","first_seen":"2026-02-13T17:37:29.70135Z","last_seen":"2026-03-18T15:51:32.238863Z","times_seen":7,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"warz-rewards.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}