{"report_id":"cc4c9a6c-885b-475e-925d-14d4978b79ac","version":6,"status":"done","tags":[],"date":"2026-04-27T02:39:55Z","url":{"schema":"http","addr":"rexas-com-claim.live","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"rexas-com-claim.live/","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"title":"Rexas Finance","dom":{"size":53556,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (4564)","md5":"c33c77789761f453e0bd3d72dc0841c6","sha1":"ec6b8d97dad5f96c5bf3c54f4e7c409e90bbeb49","sha256":"3146d79afd79026f2962a2794b3fc46794b850e31a116bba4506f1db2a74f883","sha512":"9aa74695f3f5b9f9ce56d43eb7749c1000856cc450129cbbd6d6a585c9ddb3f4580bd2436660cf11ed851e0e6eee5733ccd13aeb7de0223904117d3505cbdac4","ssdeep":"768:9J48cazQxluCn/oRbyM3la18gOqeejgD5wD2S8ODn/EgJDzTxqAKpg/7pVuxR7Zj:v4/OaOS8ODn/EgyYK9d","tlshash":"2d338420d1f1152f510380d6b7666e6b6fd2d283c61a440877bc0bbaafd6c86dc7b1ad","dom_hash":"domhasha9279157da28c507d3efaab1d72cba68","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"rexas-com-claim.live","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-01T02:39:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-26T22:16:47.246638Z","alert_count":0,"request_count":5,"received_data":57905,"sent_data":2725,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-26T22:20:29.825994Z","alert_count":0,"request_count":2,"received_data":24331,"sent_data":1058,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"csp.secureserver.net","ip":{"addr":"23.44.47.70","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"1998-03-30","domain_rank":62352,"first_seen":"2022-12-18T21:17:09Z","last_seen":"2026-04-20T06:44:30.515553Z","alert_count":0,"request_count":2,"received_data":1014,"sent_data":1130,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"cdn.gtranslate.net","ip":{"addr":"104.26.12.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2011-05-26","domain_rank":101861,"first_seen":"2022-11-07T21:49:20Z","last_seen":"2026-04-23T08:02:51.132796Z","alert_count":0,"request_count":2,"received_data":22986,"sent_data":884,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img1.wsimg.com","ip":{"addr":"95.101.10.131","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2008-03-17","domain_rank":58983,"first_seen":"2012-06-20T14:42:31Z","last_seen":"2026-04-26T23:26:49.005297Z","alert_count":0,"request_count":2,"received_data":209904,"sent_data":884,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"rexas-com-claim.live","ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-27T02:39:57.205866Z","last_seen":"2026-04-27T02:39:57.205866Z","alert_count":47,"request_count":47,"received_data":3328727,"sent_data":22542,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Slick","description":"","website":"https://kenwheeler.github.io/slick","common_platform_enumeration":"","icon":"Slick.svg","categories":["JavaScript libraries"]},{"name":"OneSignal","description":"OneSignal is a customer engagement messaging solution.","website":"https://onesignal.com","common_platform_enumeration":"","icon":"OneSignal.svg","categories":["Marketing automation","A/B Testing"]}]},{"fqdn":"plausible.io","ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"domain_registered":"2018-12-30","domain_rank":8565,"first_seen":"2019-02-01T08:53:03Z","last_seen":"2026-04-20T17:08:29.481039Z","alert_count":0,"request_count":2,"received_data":6724,"sent_data":986,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-04-26T22:25:05.471148Z","alert_count":0,"request_count":1,"received_data":317476,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.onesignal.com","ip":{"addr":"104.17.111.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2011-09-10","domain_rank":31060,"first_seen":"2015-04-22T13:41:50Z","last_seen":"2026-04-22T18:25:39.644485Z","alert_count":0,"request_count":1,"received_data":1429,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/js/app.js","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7a1cdd5318110c34da202779a4d7cc7","sha1":"549520e00b5d7629ef0b7336a666ece5d57bb985","sha256":"c0a93b2102273428dbc1e4e966cde6c6757441062ea9e24f4d615061d35716a9","sha512":"743f68afabca12faec7f9adf3b73081a1292ae21d31b62ea164ebea1ab119b1d935d72eb4eebe8afd7efc06a8b91c59a84ccf50d593960fc61a7a00cca1f819c","ssdeep":"","tlshash":"c7119c0bd8766463602f517eda2ee34567a5400759ea6cb0bacc01840f4d0ae36f2afc","size":969,"data":"","first_seen":"2026-04-27T02:40:04.608885Z","last_seen":"2026-04-27T02:55:38.404454Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-MS4W49TJ","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe2eae895d14cdb9dea439a420ea93bd","sha1":"efe40e67ae873049ef5c3832fdfa9f8fb0cd5119","sha256":"b2960fa2a3dc573eb2b0d226f2f61e1f731d8f42644cb6557a32f50ecfec1e93","sha512":"341975dadd75259c3969967f4c7b4cd1506333109445e3ecab8b55047107617de1d98b4601a81b36ddc98a0a9650f7eeca9c39aed3e6e6eb37314bf5129e038a","ssdeep":"3072:De+UWHzdkfuzVo4lEHaJeB0RjaMbraAyCQsVjgzLLA6UeCnwvpASTbquCKVqNGyk:6iFze4lEHaJMOg3LDUZApASTbqjKVgbg","tlshash":"f964f8cdb3da746683a3a478903f114bb23a7892f84cc899f182d8d42d746694277f7d","size":316826,"data":"","first_seen":"2026-04-27T02:40:04.592844Z","last_seen":"2026-04-27T02:40:04.592844Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gtranslate.net/widgets/latest/dwf.js","fqdn":"cdn.gtranslate.net","domain":"gtranslate.net","tld":"net"},"ip":{"addr":"104.26.12.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"045e5b73ed912826c121b43dde0c62cd","sha1":"b7eda70a8c647c2f1cf131fd28faff9dacbdfcbc","sha256":"47124c8f95a929f5753a8f602d70bbcceb5f2511488c3de0fffee6865b89513e","sha512":"a71e02fbf9a755034db82e69e2e7af065f3d1cda4af47e40bf757d9dbed9ce477d9a26ba9bd6524ddd0fe7cc21945270655fbffac9d0c35543ba2a5322cafe24","ssdeep":"384:AzCKMPZATN09o0mtYo8XgV8lvSdDswFi2hS4DMbH:AVMhAh060sYo8Xk8lqdpk","tlshash":"0192f96611f7003e9917036aefbe4b1c60b902774004e920bfaedd829fc1998c677ad8","size":20894,"data":"","first_seen":"2024-12-27T12:55:51.254789Z","last_seen":"2026-04-29T05:22:49.224307Z","times_seen":1039,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js","fqdn":"cdn.onesignal.com","domain":"onesignal.com","tld":"com"},"ip":{"addr":"104.17.111.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a00076bd699df812e779da9a4115e447","sha1":"f34870bb42ddf743ecf904561fc2ad6fafdf74d1","sha256":"b654b653e01469d2098282d49bf728c4d90d0f736c02618f72a78d0d6089e86d","sha512":"1b0cc0e49200c254915e559359051db46a437aa8c50d105ed559a10f8f563039377f16d80eba84131dfeef677630056aa11df27785ae10103c5fee1ff1a1797f","ssdeep":"","tlshash":"77f0e18b5b702a24266d488a673384496332a12cd8f690d1b7cb485c3011fa6879be3a","size":590,"data":"","first_seen":"2026-04-01T02:18:52.83901Z","last_seen":"2026-04-29T07:29:28.025036Z","times_seen":1029,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0962fabe6c7aa6d803c61872f2fc6c5f","sha1":"463a1716b83dbc399bf5df23c507640a27fbd570","sha256":"1ea332d5ad863c68c415e3305921524c6a2ee13046ff82f38c47260caefe8175","sha512":"a486066956046e008e356a3f0f96fb5b9daa13511bb0a338ab4ddae7fbb36303a51679cfa655125fb3862ad714ab767fb4b8d7e5cbf527bf96e4b5636126639d","ssdeep":"","tlshash":"43e028fa78150c7171dd05f533b1a11871431108680d1c23cdfdc92428189c74c134dc","size":342,"data":"","first_seen":"2026-04-27T02:40:04.63833Z","last_seen":"2026-04-27T02:55:38.428438Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b415ed6a5114145b078b70c3a92e49d7","sha1":"16f6e98f0a2417fa821450d83f092dbc8f9aea41","sha256":"ffa4813ea5be196fbfff89e55d7e98d6747d756961d20b1027a28aef57631fa0","sha512":"b13d44342abb6b343629adc87bf4d223795c62c04952de576bd495f8008b8bfe778b8dd3901ae58357a46f6fa4d19e9840e6a7dd275790d1646348c2629aea4b","ssdeep":"","tlshash":"20b09234a018b24c44383000132b3307b4320816508427023602c553b832e878720f99","size":117,"data":"","first_seen":"2023-03-07T13:23:40Z","last_seen":"2026-04-29T06:11:28.743601Z","times_seen":3382,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/js/jquery-3.7.1.min.js","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87533,"data":"","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-04-29T07:32:02.255393Z","times_seen":146348,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/traffic-assets/js/tccl.min.js","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"95.101.10.131","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"6b309239dc60d45e344f4d49a2c5f041","sha1":"c3f931166c53c402c065d8d63119f1009bb30ccf","sha256":"aed4593b11665f063ca6e5e6184435777c74615f5b5991ccdf4acfb8b08e2431","sha512":"4486905b59f275f398b0ffb6aa63dd92662a12d674861b2464a11797f6d0c322df6504f16dbd7c67b3562a9af55e32f344ee8ebc6b5dea2af869630099341a37","ssdeep":"1536:CzSGh6DmEMRNJHY/vbV4vlzH9UOa3mTM+xLxCLuf:8N9Y/ZE1f","tlshash":"33a3a598f6a1f07142e76165412f010bf379a966b0aed0d4e725e8f4adf84ce8173f29","size":104464,"data":"","first_seen":"2025-10-08T00:41:42.369445Z","last_seen":"2026-04-29T07:34:52.566274Z","times_seen":19710,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plausible.io/js/script.file-downloads.hash.outbound-links.pageview-props.revenue.tagged-events.js","fqdn":"plausible.io","domain":"plausible.io","tld":"io"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d0e4602544fdb71b94f53d0873d8423","sha1":"fb0a9cd646aebf2e832eb80fe614ee4a968989f5","sha256":"d2286efb6fd1cb9d37111479f5a1cb0acc47f303e5046aeaac4a0418708a4f9b","sha512":"f371d4d2a9329f89a45969e142308f8aa7fd61c6b8761c0ebc49355a1185b7db470fc213ee8ade881b448415f9cbad3e087495be7531414598e55116c44e04d9","ssdeep":"96:oHD50uAtq/vnfesDDrpLG09bT2WA+8LjlWny66gEhBV:AD5jf1DDrpLf9X2WP8LjlWnF6gKV","tlshash":"94b1a3edb64271b555fa9126ba6fb3027a3b2462340e5400682ddcc13d28eaf9377d8d","size":5216,"data":"","first_seen":"2025-10-29T17:07:00.589946Z","last_seen":"2026-04-29T05:38:12.711691Z","times_seen":382,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"42ab6310e44cf60d27e60d5a9a0de5e3","sha1":"c5074d466d8e390cb080375c66e2e5b3e2589a72","sha256":"1e199d01a7d40ed18cb00583ab5f0fb59820eeba081c07849fad3533a88ce8a1","sha512":"c3dc7141ae2c1c608f9e7106a671df21c644e461fd8855e197db97e11826edc513d8fef6807a6d6a5cef6144f6ac2d8d9e1ba34c7ddd895c8b3f5919b1cd1f73","ssdeep":"","tlshash":"0101fe5da64c007c52cb7033ebb74807672cf168bb75e05bc9098de69933ac5ec288d9","size":716,"data":"","first_seen":"2026-04-27T02:40:04.640591Z","last_seen":"2026-04-27T02:55:38.429558Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d6bb0023dc53282fa49e68d2f1888c9","sha1":"23caf7ee63efa66e60a8ea78b16a6a8fca04e40d","sha256":"ef8f3501de9a9daab9e8786c34fdbb3478761d37ed27639f07c6762c86ccae2f","sha512":"50456b546fced41c0bb4f85c3484a2cade325fad5278de938d13c7e4fddefc1bee32392d1c5daa24ea8246cc54f63213e12d70628a49d05a0e3d7ae357fde152","ssdeep":"","tlshash":"0ad0c75b207787d1952eb46df236654c7172921544f1a5c3bec49094ee18b079032f47","size":209,"data":"","first_seen":"2026-04-27T02:40:04.641733Z","last_seen":"2026-04-27T02:55:38.430175Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"49fb4e6760102e1039006f2a577b4e8e","sha1":"6c3c83dc751745b915aa228c2aa8819fe5ddf322","sha256":"8f51ce948e03c7e7a7773b8f0f51f66dbf18822f916b5a9b9525d5f1d347d089","sha512":"194d659af9eb19cf7e284f1bde383925ec0edb231a00131ca88a545cce54a00e8edd6604479f3de18c85ae140df3f18e616eed3b3d5d8339831ed66f82da624d","ssdeep":"","tlshash":"32112224c6940c6d628b030e2d59af41005a84b75d8cbe147b6e8ced6f9f00f8eb275e","size":860,"data":"","first_seen":"2026-04-27T02:40:04.642923Z","last_seen":"2026-04-27T02:55:38.430747Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"031f2c6a2f5e6bc83bcb880d1f689847","sha1":"3ee86c47ad8af8920b1fdc4a635152e0245b5594","sha256":"718fa0cfae0bf751a95184e839e5b79201ecc3930de70716e0cdf2ac5ade5841","sha512":"d23d319d3d0d769253cf51b2d85646448b6a4c6ba492a2686bb14a6808cfa57010532581d10fb68671b998f5b17e819b5de99091b83e9647ebb7a71dc195546e","ssdeep":"","tlshash":"d9e0c00dd00a40c513159844711119afb71ac3fac3482c9dc714493925cf00bff9d1d0","size":361,"data":"","first_seen":"2026-04-27T02:40:04.64409Z","last_seen":"2026-04-27T02:55:38.431248Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/js/slick.min.js","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"efe2dc57bf7b73137e9642e586ee272b","sha1":"ef584add252ef75060da8df06eb5e859caaedb37","sha256":"27bebe78e3b6a4b1664dd4fa83a8cd0187f051631a06248fefa3ef3991a5a92a","sha512":"5bed459f087e94f50bf65f4aac3b77314d2128c6f47480ccb3f405fd8a81e5352a68076d341a8d24572168afc5edcb447d590e7bbdcd834b3f87cbea13126f25","ssdeep":"768:4rkkX123A5YHi6pWzYdlNWYcx16nnYdXRRMd2KYCQCsPShb1ez7RFmYf:EPrYdlNixEePiYf","tlshash":"0513a549d205276285d721e62105c40eb3f7fb3cba22c0e475c9d3ea646ec4896d7bfa","size":42862,"data":"","first_seen":"2023-03-07T01:10:46Z","last_seen":"2026-04-29T07:32:46.490195Z","times_seen":6817,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/js/bootstrap.bundle.min.js","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e477967e482f32e65d4ea9b2fd8e106","sha1":"ddc6e9ead6d16ae9237399ce41e8c1620cc59c36","sha256":"0833b2e9c3a26c258476c46266e6877fc75218625162e0460be9a3a098a61c6c","sha512":"ecf8bfa2d7656db091f8b9d6f85ecfc057120c93ae5090773b1b441db838bd232fcef26375ee0fa35bf8051f4675cf5a5cd50d155518f922b9d70593f161741a","ssdeep":"1536:WmwIiEEO+TBR2t4J9RirWDKsVA5y7fy3YJtC/r/45wZbfbXZTb0WU078:HwORx3YCD45wZbDZTb0g8","tlshash":"ce73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","size":80721,"data":"","first_seen":"2024-02-25T11:27:02Z","last_seen":"2026-04-29T07:27:21.599897Z","times_seen":23425,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/9.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/9.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 6099\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-17d3\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lRKJFd50oScQ96ancvWKimPh39CHagb9KIHjhtUugmEO9b3s%2BkoEDpXbKdwl8JNP9DOkjUFY8fcXJU2NKNvMGZ0eH4OK8e79yzPAh5eyd%2Fcnft0PgMXA%2Ba4zHlCPqq9j6LsR%2FzJ41g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa675ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6099,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 364 x 86, 8-bit colormap, non-interlaced","md5":"006dde865aaea3129e5b0b9d9169cb7d","sha1":"eda99fafb6775b87978356133f740645f9910714","sha256":"e891a539f2a22dabd4c02e7fd609a4ba64fd05fd3cb0a78908061f1bf39fea3f","sha512":"74dbf07e558b003be447bfa55cd9c0269c2529cc5a5bc2944e5af321303e1cf3d3a2113d987e66b391456a32df2f0d3e8e08605ee096ccb8f5ec6405228519c4","ssdeep":"96:p5W3wP5VIISkfoOJOCCiV62zsdDIjECsIxYqRSPLUYSHj1Qx24+Sn31ugQ+:nW3U5pwQ62+IjrsIxYfLWjKxv31D","tlshash":"50c17de57896deabea47880654125654feb62cff1e0053d00c1278719ab514f27ce3d2","first_seen":"2024-12-28T18:16:17.988841Z","last_seen":"2026-04-27T02:55:38.387432Z","times_seen":12,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/feature-two.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/feature-two.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 244612\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-3bb84\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yOaGxBoBKAEXqBPr3tzoJJ167Cq8f8xOH8oKvGgSrcMO5FpBp3a%2FIm0CGcSnv%2BzZh%2Bi3s5ohNlTx6hDpn2YPvXfL2sS5txTF%2Fkg3RKDyd%2FZ2sPJWHBOazbM%2FzUXEXQUA5qaLlaQuJA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a75180a705ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":244612,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1046 x 1218, 8-bit colormap, non-interlaced","md5":"8b149e2cf9e78d6de38fcdeee2feba68","sha1":"adb44531e798b428a3a58b86a40c3aeafe7ea497","sha256":"1d11fb6a98ad108116d3312e5947f37fd3ca27cf5a15a7f1393617a955f484c0","sha512":"cbcbe137b894ff6a78ff9df1bce743b77bbb56f7541b1542932b59747b4975d03a262a7978ba79f8a4e72b0ed651b1b64d83769d135741ace9ac860894e276fc","ssdeep":"6144:Xy36JEnN/qWYLzEFwqyOUuHy7JGWe2o+i:Cq8qEFZyOS7Ecni","tlshash":"d43423ce8dd8e570802bc6dbdc29e54892558dfca521776e10e4c70db41b706a8efabc","first_seen":"2025-09-08T09:28:19.685741Z","last_seen":"2026-04-27T02:55:38.417588Z","times_seen":8,"resource_available":false,"data":null}},"time_used":464,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":187,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/4.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/4.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 29012\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-7154\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7rZxQXUJ1xfLdm6V%2BkeM96UsEDWSxtrxodoIEd0Q9b6ugZuQfILErde0x73TdmW6CJqkMl6n1I1xTpmdWvb8QHpyeFAP1ZkCCjzkGXVBumjke5Nz70oG8ZcsXcbt5u5lfWo0fhRXhg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a75180a755ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29012,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 420, 8-bit colormap, non-interlaced","md5":"52e4363c7bcffe3b0f0a821a81a5610e","sha1":"3e82db433dcd9b69a513aa5b4d9b06fb07195e7a","sha256":"8e085c8bf0536c712527f5bb9c8e38e684337168fc79788d3dc052229045a23a","sha512":"26cafe39d583948797dee69fa01be6442e38a2743bc14d953d5a5b8d0909f4cd619357597c8e4b12c7163b5b268fa297570a85cb2e90d497b55a5389ad2062ce","ssdeep":"768:Pc0D+jtwNvWYsCrOs4ZMywFi/mK0opLciEfysEt2Gt9q+O7:PPDSuNvWYacK0Fly3tBt9q+O7","tlshash":"84d2f1c3b1aef83d504765f9e971b8b2e22560059f407d022973865cf80db94e9de51d","first_seen":"2025-09-08T09:28:19.665982Z","last_seen":"2026-04-27T02:55:38.422429Z","times_seen":8,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/tokenomics.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/tokenomics.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 712954\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\netag: \"69e63f59-ae0fa\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YLCxWH9rsSLYytwwiD0JXDoiwGDfbd7wMZBxBE4uc8WrxBy2V4nm6QUkDa5iZCCIYGrMXkxGyPOxr6z%2BsqW8md3Hz9klEI98Dqc5sBqLPongA%2FmBZ8iJjYNvraleInlOY2YSt6q%2Bfg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a75180a765ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":712954,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1944 x 1307, 8-bit/color RGBA, non-interlaced","md5":"b565e8d18c0eda55382387637509c0b8","sha1":"8d804129bcd736ffe1184989fb897524f1456330","sha256":"7c129c3f8e3de39d0d45a6287fa6ff49ab212dc55033fbb24c0e3cddaa19f8ed","sha512":"efd39c2a30a7a43f02a1f3b1ae47fe57f1082c3c35e360ffbc237fb815362186aa03de4255eebdbea57a41659c97ce05e591f1c98608bcfea8978d74ff520136","ssdeep":"12288:ntKSme234IfEoEdlKR4MDU2kIDjqY7Gy44m5O+p1wnggcsIfGZGYxCSRdITjmHiE:n4SPOfTpPU23Djqnh4m4+fHgG0GYxCyD","tlshash":"75e4124c85f573bef912ac76958a0ee8a2b01f9b05fdca4dc16d28142db50fe45af423","first_seen":"2025-09-08T09:28:19.708048Z","last_seen":"2026-04-27T02:55:38.401585Z","times_seen":6,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":207,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://rexas-com-claim.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7748\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 23 Apr 2026 03:04:46 GMT\r\nexpires: Fri, 23 Apr 2027 03:04:46 GMT\r\ncache-control: public, max-age=31536000\r\nage: 344087\r\nlast-modified: Mon, 15 Sep 2025 16:36:26 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7748, version 1.0","md5":"a09f2fccfee35b7247b08a1a266f0328","sha1":"0da2d17e738f46d2a09e6fb7969da451719a9820","sha256":"cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446","sha512":"5e3f9a298003b84250ec6801e08ad2a4ff8845d4c3e13ea61bec37da24d26ede13b436257882124cc0c27e9a323ba92e7d23c6ad3f48a7b75535f5ed98813a0e","ssdeep":"96:0g6vAF/FXh6MmoI56TEwosGU/DbVF/QBT1gaHEYT6u/w3hXLbJPAS772+6haAftj:zp6x6TYpoDYBJg8TRkbJPAS/2+CzQa7","tlshash":"f3f19de65d1e5e8980f0102f6f6efce767950d88141dadf9a9e72f884c6ba1b04c90cd","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-04-29T07:34:57.694646Z","times_seen":209787,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":171,"dns":1,"connect":15,"send":0,"wait":18,"receive":1,"ssl":151},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/15.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/15.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 7149\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-1bed\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uaWkAq5F2HvWaRc%2BzvQivvfKjB3Q37T2f9IDYho4am7SCkQAzUH%2FXZc0k4VhDMf798yXq5oQgB5Kx8wTdlAyXelBlmDgFfPeR3LR4VWiujD2pw5gEgLV056HZqBjLq6Q6rqaFnAvgA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa6d5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7149,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 749 x 67, 8-bit colormap, non-interlaced","md5":"2dbeb234f80c3a30f76bfe8b88be1934","sha1":"eba07b9f7fe3d9561d4d3aec08f3a6dc3bd0ca09","sha256":"3c23c8070631656ba0240ec2edf1bc4c2bd754675bb15aedb0c4c4a1f623f4e8","sha512":"f455de94ef19d8708cb7310f1355bd0bd5060baa67cb398ccde7d9079be8dceddd760d2463f5b19031ba6b0aca4ebd8896dfdedc267001e56df3ae75c665780e","ssdeep":"192:b9SXHlXSNlcUkYtZEM3yVPmT0c09JxJWp8NZy8S2uZ:JS1i0U5ZEeyV+ThmWYw8s","tlshash":"b4e17dcc9e74a0243e9e2ac5ce389d5abc336d4669758902933cf19743f3a1ac83d581","first_seen":"2024-12-28T18:16:18.006475Z","last_seen":"2026-04-27T02:55:38.394075Z","times_seen":11,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/css/style.css","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/css/style.css HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: W/\"69e63f58-f5cb\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YZBR6TlbPwbSIpSBNHet8WyPNGGBFAfmxXtcyLpZk26UMGneBoWscdvY%2BhIF7ioNzjmsbsJjq5KhY%2F0tVhx1%2FERqQU%2FND%2Bbik9k8aIerf2Nknr86ZVnjlD54BNH%2FqnhzY7IhfenAPA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9f2a7517ea5e5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":62923,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"0638c5e8b3715dbc468390075ab00bba","sha1":"71788f1be142f1612be57b3be5828e01d26f06d6","sha256":"b6283f8b6a52a74e1956ce6f346d5d48a3a55d671fa89d852851c7056d4c5890","sha512":"5f30de8912f5b7ebef8b4bfc7a40b9e4c20231afc2cc1b217fa42dd34e86c62a2f5afedbfe0560cce18532e98b96414c8d6b819b6b0a937c877adfa32d1f1cf5","ssdeep":"1536:wX+tsNA+a/rI+65Yw6rU+eHaw2rmwqYEUQebpyvrUqfrUC8H3JhxUP4g:V+uQ8H8b","tlshash":"ce539496b6f15204742f9d6936d6efa5733c80428a0ece78bbd1201ccfc96e552a378d","first_seen":"2026-04-27T02:40:04.56794Z","last_seen":"2026-04-27T02:55:38.407299Z","times_seen":2,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/6.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/6.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 4891\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-131b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AQsXMemYrzkXOCxVMkTeOBeZNK%2FoEe0or3DQM53k08Pszp4PIktjzNbuzF9ma4qDddqkc6zt0ugpIMb22%2F3qr%2FOwWpiMzsQClvNS2VL3e8Hd2qg8CWDLckpUR2CRTP47R%2F1YUEZ5mw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa645ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4891,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 77, 8-bit colormap, non-interlaced","md5":"cba9ec6e5fe3ae5340d57d4781ccc6ab","sha1":"76f1cb9db5950c47cf542f227bc07161157a0aa5","sha256":"31a89a7c3fc09afc68e62bf7383f750f95e458d56bf2b68aaaaea27a905e5e58","sha512":"3cb7932fd86b24ae9226907d3d78c1361fa68cd4faf59d21adb6b234ad5b4c4ed0a3624d0d27338eda48980aa63e454db8b395e1f883b72ea653636482a22e7b","ssdeep":"96:LXUiKW73Y7eQRvrpHFwUhUOwpuB+lDuP3H/VkepqxvcVerGbHR4A:bbQRvdFwU6ObB8DwWepskVbbx4A","tlshash":"3fa15d8d52a374c466d40a8ca6a8cd757fadec2132014f0ae17ab5bfb4fc31594c93ad","first_seen":"2024-12-28T18:16:17.97854Z","last_seen":"2026-04-27T02:55:38.391117Z","times_seen":14,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/5.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/5.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 35601\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-8b11\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kEtdIJEClNH3XuB7SlY6w62LSYCBNF44tb1QVsX58%2B8R2e5FyshRrN7MUpT0QVP9RrLjvO1dwhUlSFAfPP46fWe4mXWRJAGj3ShaBvfy%2B9XLv4QLdRErgokf6ZcPkCG%2FdJ%2FWz2yS%2FA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a75180a725ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35601,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 420, 8-bit colormap, non-interlaced","md5":"bc38e5603d960025a449f7ea85fec04d","sha1":"bc1111850b868ea4ff0de2bdf3856f41e62b8a9a","sha256":"6c46fc6c2dce5f4ee38b303a0f8d90b22f2b0744c10b298538e6146a61b68bb9","sha512":"53c59fd6ef7625a799bc4a20ac834e1e3edd91518d15ee62146141464f78a32c2038886518dd2047eda14a69abdb95b07e3d24ec0c1dbc0babe9b119126c8687","ssdeep":"768:KX+WHJDhE3hO88vSpW2NrIigrUoQ9O77FNW0B/:G+DM8MSM2N9WUoXdAC","tlshash":"9cf2f118fcd274c6fdbff424744ea2884e2a3239fa214c334181aa6db869606115fd7f","first_seen":"2025-09-08T09:28:19.693103Z","last_seen":"2026-04-27T02:55:38.399986Z","times_seen":8,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plausible.io/js/script.file-downloads.hash.outbound-links.pageview-props.revenue.tagged-events.js","fqdn":"plausible.io","domain":"plausible.io","tld":"io"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"plausible.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 00:01:50 GMT","end":"Wed, 08 Jul 2026 00:01:49 GMT"},"fingerprint":{"sha1":"3C:FD:B2:2D:F1:AA:C2:3C:B7:C9:7E:35:CA:DE:08:DD:82:76:F7:1C","sha256":"63:5B:85:93:21:76:43:35:07:9E:64:87:C1:FE:5C:99:39:EB:FF:C1:D9:17:BF:0C:D3:41:24:A8:B0:09:B9:26"}}},"request":{"raw":"GET /js/script.file-downloads.hash.outbound-links.pageview-props.revenue.tagged-events.js HTTP/1.1\r\nHost: plausible.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: application/javascript\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 682664\r\ncdn-requestcountrycode: NO\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400, must-revalidate\r\ncontent-encoding: br\r\nvia: 1.1 Caddy\r\napplication: 127.0.0.1\r\ncross-origin-resource-policy: cross-origin\r\npermissions-policy: interest-cohort=()\r\nx-content-type-options: nosniff\r\ncdn-proxyver: 1.51\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 04/26/2026 15:35:09\r\ncdn-edgestorageid: 830\r\naccept-ch: Sec-CH-UA-Platform, Sec-CH-UA\r\ncdn-requestid: e5f4366fcf2c497a1feb4d626a3a3f3c\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":5216,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5216), with no line terminators","md5":"7d0e4602544fdb71b94f53d0873d8423","sha1":"fb0a9cd646aebf2e832eb80fe614ee4a968989f5","sha256":"d2286efb6fd1cb9d37111479f5a1cb0acc47f303e5046aeaac4a0418708a4f9b","sha512":"f371d4d2a9329f89a45969e142308f8aa7fd61c6b8761c0ebc49355a1185b7db470fc213ee8ade881b448415f9cbad3e087495be7531414598e55116c44e04d9","ssdeep":"96:oHD50uAtq/vnfesDDrpLG09bT2WA+8LjlWny66gEhBV:AD5jf1DDrpLf9X2WP8LjlWnF6gKV","tlshash":"94b1a3edb64271b555fa9126ba6fb3027a3b2462340e5400682ddcc13d28eaf9377d8d","first_seen":"2025-10-29T17:07:00.589946Z","last_seen":"2026-04-29T05:38:12.711691Z","times_seen":382,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":11,"connect":2,"send":0,"wait":1,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/2.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/2.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 11510\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-2cf6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n%2BW2VdgR14M%2B2epURdNMyNHh%2BLcux8CP%2FCqWVOxBqMAMcC448pVbF4eqFChINndbA2yY9Nr2fUpYToZQ2e7Yq10HopsnM0nn3yTCk5FYkHghdfzcTJy5xNFXT1%2FIW41YIm3NrQ61cw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517ea605ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11510,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 633 x 98, 8-bit colormap, non-interlaced","md5":"0c790e9145ed72548e7c48f8a65bad31","sha1":"47ed3e002c6d62c20faf5c99392c4a55f82ec970","sha256":"7d91ec772828a69eabcf9885a19e56c6419529709ed11496f4006b861fdf58a2","sha512":"1d84f3572e95c1745cf71eacb0593000c8aae0f31b6c2cf6e8d96442363a9fca13628ecc94ea77c12306559a4b65c854d54e4ef5d9a818dccf0a211e2b167009","ssdeep":"192:Sptbro2Q6/ONstNurL7pgamhsZdDeZLA3FdbZPzHreigKxzt5X7e8MGCNStKbuxI:krFQEOKPuVm4DcLMdFPzLmKTNkScIQsi","tlshash":"ca32c00b2df06a96589a05dbc9db448d8bf90d10c6d18e098830b3367fbab92f1477c5","first_seen":"2024-12-28T18:16:18.016607Z","last_seen":"2026-04-27T02:55:38.407946Z","times_seen":13,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/13.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/13.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 8634\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-21ba\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4SD5xtUzrTj%2B2eImVv5JqjaYB%2BeKdcBf8PGoxAi8bXjXu7R188vjEs2%2FzF90CiC2rS1%2FeZ0eC6u1ptaxSOLK%2Fexw8uC%2BHpgEHC37puL9fReQ%2FDg08107r8VLyNsy3kkcbY4eU2gIPA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa6b5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8634,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 778 x 182, 8-bit colormap, non-interlaced","md5":"7582294446f41513a2e6795908e0cf2c","sha1":"60d4d746e4b2d86dab4ff5c0d00d954ff3de065d","sha256":"f6d61778e1b115558b3841bb7e53bd41e0dbf53fa9a7bb3b8cdd069902dd1f32","sha512":"e0d770933d3299f074d8b0b1b34558c43d2dc07e2b28db7ac3328999634cdbc536f2d9f1010382af609ecbb8827e38f135329d314b8faabe666e1fc643aeff15","ssdeep":"192:q9PbQyOGB5FuelOCqr9HtjqB7rYzRKIDTYSBWvmtsAIzYzLMR:q5cyOOLuqEruBAzRKIvhB4tAIzz","tlshash":"83029f21b845fb645cb84261eb61704e030c1d9b3856e86e10117bc639778d56afaf74","first_seen":"2024-12-28T18:16:18.011658Z","last_seen":"2026-04-27T02:55:38.399453Z","times_seen":13,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Space+Grotesk:wght@300..700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:9D:A0:A4:A4:3B:62:A3:D0:B3:63:4B:5B:C3:1D:9B:09:43:3C:91","sha256":"DB:10:40:08:19:EF:D7:9C:5F:11:BC:78:DC:9F:81:F3:9E:A7:30:2F:1F:06:C8:C4:A4:DD:BC:C3:27:6F:2A:AA"}}},"request":{"raw":"GET /css2?family=Space+Grotesk:wght@300..700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 27 Apr 2026 02:39:33 GMT\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1300,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"35eb4f4c39907924b212d05f82c97376","sha1":"92db94df0aeea6b5a13ed912dc6f7e82d2b94907","sha256":"0fb43c3574f37a8440418e87fe246a58e91e7cf055d5f254f00a13d3cc739e50","sha512":"7f3abc23a9711105f4057532777fd7c7a4d662a414361d6af836fc83fc0f88c6207f77ca5430d899531fcc024c207f6d965dcb5f211c59c60597ac7a0138fca9","ssdeep":"","tlshash":"d921ed9600669500eba35cc226cebe32be8ea0556050da3d7ffe2498ec9ac315311b2d","first_seen":"2025-09-05T07:25:22.933443Z","last_seen":"2026-04-29T04:33:50.955644Z","times_seen":250,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":203,"dns":1,"connect":17,"send":0,"wait":31,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/bg-6.svg","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/bg-6.svg HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69e63f59-aa0b\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p0hYqMnraYuBgeKtkbwNxveB5J3VSGR2e%2BzST83imRG8aklzOqW2LqS3bUHarOGliqC5w05IBrxiqmbuXpy%2Bq3%2BpG%2BoxvLegc7laALZ6ntn9FZZkFghIaeVyb5WGlDeqZZdDOOSaLw%3D%3D\"}]}\r\ncf-ray: 9f2a751c3ad95ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43531,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9e382e20b6b4b690993e4c2a2d49d2ae","sha1":"7dbcb818d514daf425c7f429d18a25bfb05cdad7","sha256":"68d4aa02079cb197275656ec0f773b3089a1d4947fd83fe24cce3ec2ac826132","sha512":"c0aec3bf0489cdd4ccc71fac35b28c7cc14e7b2dce10150132cf473b831a1b82e16a14fbcf1deaf5811c1b592a315f3d5fcbcebf0824c2a76fb2d1f25709850b","ssdeep":"768:15YSBsgfzwtjomuytsG9MIuXmZTijcfy2kaWZk:10gfoPbnpuYccaeWW","tlshash":"d013cff221fa8e4fb316791cd3496e144c465aabb258d59bccc42730437ad689e1be31","first_seen":"2025-09-08T09:28:19.681934Z","last_seen":"2026-04-27T02:55:38.423089Z","times_seen":9,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets/font-awesome.css.html","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets/font-awesome.css.html HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kq67Xkt3qGiXD9lFxFi6IAn2J7MHeVsAsLX1znauFgSvA7zfqEXmCNFeMsHBKBZ7jLaMNhqPVsi0J9XAw3BNmazZkuvLOPBuROH%2F3aT47m6kWF39fchxlBPVWkXKxgK0Q%2BqM0pe2fA%3D%3D\"}]}\r\npriority: u=2,i=?0\r\ncf-ray: 9f2a7517ea595ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T07:35:15.627588Z","times_seen":14364829,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/5.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/5.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 7302\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-1c86\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ATz24mXdPGN30zmTzqDseHKv2ctG8EbWr1LD2AIG%2FBfF3gdnTsnxL%2BxfNvFX%2BbBXlRWSQn8aA59bJTgHWtLuiFwT9cjRW5xID9Qbmh5pgHeKw0f27jAJPMYf1z0eaRQHiCTz0e5EIw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa635ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7302,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 390 x 67, 8-bit/color RGBA, non-interlaced","md5":"81fa04cff9e6d95bb730def90436caad","sha1":"3bb58ee78264aa359c6abc1ea3f420ea192dab8b","sha256":"9c50dc7d6fe90a3f5b61f201ed1c93a718222adc4dc81f79ef6dc3549444e528","sha512":"981cac7ba765e9caba4bcc34ffe8f401daa62b93a106444d47e16e0a38fca9f3cbd0ddc94fc3a7d4b6760047194d2b9fda64750e4ba28679fd7cc37ce2165109","ssdeep":"96:Lwaht3INXM/NUdCgRlcs2Ax6zIlGKMy7aiV/2jqNySoboqbUkXIeG5kwbWGiB6Pq:8avIZdCgbc8UIlG7yeM2jNSE3A5qDBQq","tlshash":"89e1c085532ed856a60b8530058b1febdc243a2eb53320287ffb75f8b4c505157aae06","first_seen":"2024-12-28T18:16:17.976122Z","last_seen":"2026-04-27T02:55:38.421736Z","times_seen":11,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/16.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/16.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 8080\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-1f90\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bYAcdPN50%2BwdJjxocGapJm51r%2BntKR6HS2z0%2FDkdZOd1GEDtg9xCYaC%2FfQIzi%2BFxsEe9z7ouEKwPAg7AAZBYCcSl%2BhC6hClp29QTDsaNObehsaogeGmdJRaOdNnz%2FtvwWxgTYgToNw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa6e5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8080,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 651 x 159, 8-bit colormap, non-interlaced","md5":"ad599588ee677371c006199c49c6b75f","sha1":"ea5d7f2e1310bd2cf317e5481ecce5b80314d6b6","sha256":"e0cdf3e25b1cdccd4447f8c79ec9483766d98f60e6865a10aa3adf93f9b8a811","sha512":"6b82db00032c4d1e3d274fcb79cf17bc6a91a8e4faf4471db4938178ddaaedf3f3dfd69f5a63ebc87c791ee485e667298d70332fc03010c668e9047643120158","ssdeep":"192:H1l44BncOaF/6QMHF4qUlqsXDTpjBVz75OED5/Lf5NSpAvh+lQerh6:r4uQMOFqaDTNjz74WBfqp2hFV","tlshash":"ecf19c9b1c80120a23de640ad2714cd7d8e1acb2e3354f9c7ba535b6a0fa9e75cc8942","first_seen":"2024-12-28T18:16:17.990563Z","last_seen":"2026-04-27T02:55:38.425833Z","times_seen":14,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/1.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/1.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 28469\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-6f35\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9QW2fhtVzsdFIRmx%2FhGsf5nISDRTzFTA3SOM9iVZegBpMxIWCKC3Kn9N0vgpdrqAbO4nkbkioRy1EiqLE0sD3ksanbuXQA%2FPI94osQ1Qgt92stZRXiXZ7%2FAQUYKkbLLymKyALn0Dkg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a75180a715ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28469,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 420, 8-bit colormap, non-interlaced","md5":"86a5d3b9e5f4522acdc7ad8c3e7bdf26","sha1":"5992d466690d1bf33096b32b654a2d131b059fa7","sha256":"1765c50517a70d867bc56876cc46096924eb99b8aef109a49565ab54c40edcb3","sha512":"258d0d2aeb431cf723bb189d77b7a899febd8eb4b24542098d9ff408c5a29e1d7089f120d9acdcc755e370670ac2e3ab76bc975b43d3300adb29dfd2c40b3999","ssdeep":"384:QDYnWbnpnoCsq7hDbd1PijJT+JjqmgYQD2zthGYQDLAfS2v1iNyNng0S+R5vVNcz:ypnoG1DajoJngYQyzjtQDLAfH6ytgqy","tlshash":"9fd2e151aa47e2edc0f5a16a1f1b957dc9bf0267723f47003a74d09f8da88b78b1340a","first_seen":"2025-09-08T09:28:19.697737Z","last_seen":"2026-04-27T02:55:38.390399Z","times_seen":8,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plausible.io/api/event","fqdn":"plausible.io","domain":"plausible.io","tld":"io"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:34.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"plausible.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 00:01:50 GMT","end":"Wed, 08 Jul 2026 00:01:49 GMT"},"fingerprint":{"sha1":"3C:FD:B2:2D:F1:AA:C2:3C:B7:C9:7E:35:CA:DE:08:DD:82:76:F7:1C","sha256":"63:5B:85:93:21:76:43:35:07:9E:64:87:C1:FE:5C:99:39:EB:FF:C1:D9:17:BF:0C:D3:41:24:A8:B0:09:B9:26"}}},"request":{"raw":"POST /api/event HTTP/1.1\r\nHost: plausible.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rexas-com-claim.live/\r\nContent-Type: text/plain\r\nContent-Length: 88\r\nOrigin: https://rexas-com-claim.live\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":88,"data":"{\"n\":\"pageview\",\"v\":33,\"u\":\"https://rexas-com-claim.live/\",\"d\":\"\",\"r\":null,\"p\":{},\"h\":1}"}},"response":{"raw":"HTTP/2 400 Bad Request\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 40\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 682664\r\ncdn-requestcountrycode: NO\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, private, must-revalidate\r\nvia: 1.1 Caddy\r\napplication: 127.0.0.1\r\npermissions-policy: interest-cohort=()\r\nx-request-id: GKoWWOZPX72iRDr-b4oG\r\ncdn-proxyver: 1.51\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 400\r\ncdn-cachedat: 04/27/2026 02:39:34\r\ncdn-edgestorageid: 830\r\naccept-ch: Sec-CH-UA-Platform, Sec-CH-UA\r\ncdn-requestid: 656643d70f66b6c541ea1fefdd164df5\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":40,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d93187647094e57686c04e21f1f9e8b8","sha1":"f155e588c126a8231be9c4310c956798c6f25247","sha256":"f14b9d296b4cc05672a75e1cc895f0ae7cee5988e6514d8f1c9afe4d5a8f5b37","sha512":"b770694ec8e152291af62521896afc221e78859e68b131e3b69526690011b632b8d18337ee071188f31fced57ec4ef64551ca7a6c68e9da7149210af1c2a8ca1","ssdeep":"","tlshash":"da9004043dd031570cc010ccf140540445d3511011f04045c0173304370011d5cdd00c","first_seen":"2023-10-10T14:08:09Z","last_seen":"2026-04-27T02:55:38.42742Z","times_seen":11,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":11,"dns":7,"connect":1,"send":0,"wait":31,"receive":1,"ssl":6},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/favicon-16x16.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:34.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /favicon-16x16.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nCookie: _tccl_visitor=f3c14641-883a-4696-908a-7da789a420d2; _tccl_visit=f3c14641-883a-4696-908a-7da789a420d2; _scc_session=pc=1\u0026C_TOUCH=2026-04-27T02:39:33.956Z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: image/png\r\ncontent-length: 1661\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\netag: \"69e63f59-67d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GycTdE74AeOY%2Fta0RVrXuctYaFAS6Yaq%2F%2BeEXZ3wXpQ6eSa9U%2BZIj081maLRmrY2c4CKC2dq0YXsNpWKoe%2BJx1FCq5pYm22k728DBjWb7AG9LT%2FMg%2FmcEoEy4ValmUbU96vRRuFKpQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: 9f2a751ecaf05ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1661,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"35ac627171791bd16ae46197ef5d56d7","sha1":"852f88b7d48ffe35761d20c8b524f099929702f6","sha256":"96a690e4843666c4bfaa2286ecab72132a689fa2346edf5e359d7b5485ec34f1","sha512":"71278e897ce4dacbbe561b5c67acd50da8d35ae5e583faf8201718d3503ffd8c3e4004efe442481456dd76763a404da95bded285da3097652272a54fc4615e8a","ssdeep":"","tlshash":"5e31d6c0f429e217e61311f889016844eab8490b5b0fc65ee9868428b83c7681ae9f19","first_seen":"2025-06-19T19:59:31.775334Z","last_seen":"2026-04-27T02:55:38.418689Z","times_seen":9,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/1.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/1.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 5261\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-148d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bvHFHpUDTae9Z0fosOrpaS7L4SDIlHIujmOHbLDEd1tJSV0GkowP%2FtSE3ebox4fGtOOhs%2F48QePeOaYDCXlDWblhd4ouLgiawHiXgftUAzuT2Xp8RYU08%2BBj2wuAm%2BsNcdlR4njCrg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517ea5f5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5261,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 770 x 106, 8-bit colormap, non-interlaced","md5":"1d963a47fcf620e3b0e9e252b24b506e","sha1":"22049c1b3618b88503a31a73296652a8f31d66c9","sha256":"de3ebf2b97490423e37879ad0c00b73e5e038ac915765e36192180ed1fdc4227","sha512":"8296d6f4998a576a29fc551fbb84e67c55d57d8b7c38c51d5be437e140abf021124b046de4c19ad7b329d11324bc5f2b6c4c28a7adda1e4dc6a2226330d8d113","ssdeep":"96:YW/RzvhVqe9MbLufu42C95Mp6jgHr3gm/lx+0hxa8a3NJwdxvMjd:9bVqwv95MIj8jgSlx+0UNmxi","tlshash":"ffb18d5d209c99a95e6ab5a6eb2304270bc33c0c2543dcea18baf16783f314a1a92221","first_seen":"2024-12-28T18:16:18.008359Z","last_seen":"2026-04-27T02:55:38.410244Z","times_seen":11,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/feature-one.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/feature-one.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 263496\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-40548\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7Skh6BY4CfHHhIgWf7dwETgzrATQ5%2BPwSUpmm3w1hV%2FOYPNdsLov2GSZWUIiiBTO%2BR7ZnNy4cP0cKBpqjoVvpTElSZY33N4GwG2W066j8%2FSfNZrvUdk%2BcGm9hjPyoHS013a2Mhu4rg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa6f5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":263496,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1392 x 1258, 8-bit colormap, non-interlaced","md5":"990298fbae7c1c13aef8fb065de27578","sha1":"3ea9c1b223320200cf98b9358bf4348dbadec4c2","sha256":"2df0200809c0dc34a7d60a48e8590c86449c6fc75cc93990b8d79978fd42f6d2","sha512":"2dc70880bcef0e8a1866f1cd5e2ec9aa008667ab7a2396d2124e9724237bb42637b7f2ffe9deec8c9c05c3b06b79350e8eee97210d0d0ef9dc6b0dc8d1855e3a","ssdeep":"6144:MncV42bfKInvFWx84/MEiDbeNKWZNGO9S+n+DZ6OHKWN3W:McVDiI9m/MHePD9L+EU3W","tlshash":"374423d93a51f0cdc1c76ab191914b76a0fc98f47e7a7e30da1079a64c2d082d1e68fe","first_seen":"2025-09-08T09:28:19.696247Z","last_seen":"2026-04-27T02:55:38.409701Z","times_seen":8,"resource_available":false,"data":null}},"time_used":372,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":147,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/spacegrotesk/v22/V8mDoQDjQSkFtoMM3T6r8E7mPbF4Cw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/spacegrotesk/v22/V8mDoQDjQSkFtoMM3T6r8E7mPbF4Cw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://rexas-com-claim.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22288\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 26 Apr 2026 10:30:43 GMT\r\nexpires: Mon, 26 Apr 2027 10:30:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 58131\r\nlast-modified: Thu, 04 Sep 2025 17:26:34 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22288,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22288, version 1.0","md5":"87c506d88b9f587f0e2292bc271f5083","sha1":"c0781ea2f29013826dc1eb8db40f4d400d9df710","sha256":"0640890476fc1198ab4de571fb658de443c4d85b66466ec09534a8737ab1ce9d","sha512":"25171eb14ce4c75ccfdb6f1c2a7de82182fd8d3d79cfa108df2d0e015e4ac84678ad97fdf90cff2ac2f24934531fcca3289343129687f176f21964ce5cd01b02","ssdeep":"384:TB/NWnO5qgQvU7gd7EeEX5qPOJO4FqaCEuAsCyzvDfxPdjuHsrC:TBlo1vUsvZqO4MAsCKrxxuMrC","tlshash":"8aa2e15b3f6bde211a27aebf4fc957b0a3ac6c1db2dd2712c198b104408962cc5d5ce6","first_seen":"2025-09-05T05:08:09.568652Z","last_seen":"2026-04-29T07:11:29.866745Z","times_seen":10691,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":215,"dns":0,"connect":0,"send":0,"wait":29,"receive":2,"ssl":188},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"csp.secureserver.net/eventbus/web?clientid=8da2217409854bee82e12dc4ca0b39fb","fqdn":"csp.secureserver.net","domain":"secureserver.net","tld":"net"},"ip":{"addr":"23.44.47.70","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:34.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.secureserver.net","organization":"Special Domain Services, LLC"},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Thu, 23 Oct 2025 00:07:48 GMT","end":"Tue, 24 Nov 2026 00:07:48 GMT"},"fingerprint":{"sha1":"0C:85:75:97:2A:6F:2B:92:48:28:1A:FB:30:8A:C4:98:A7:9E:26:CE","sha256":"2F:4B:65:33:11:10:9D:A1:94:4B:5A:5D:40:E6:63:70:B6:7E:1A:7F:E7:90:E4:E8:F4:4A:37:2E:94:17:64:AB"}}},"request":{"raw":"POST /eventbus/web?clientid=8da2217409854bee82e12dc4ca0b39fb HTTP/1.1\r\nHost: csp.secureserver.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1816\r\nOrigin: https://rexas-com-claim.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1816,"data":"{\"schemaId\":\"urn:shared:user:events:/v1\",\"data\":[{\"global\":{\"traceId\":\"9e4b58e0fea24b7489e78e56790574ff\",\"client\":{\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"sdk\":{\"name\":\"scc-c2\",\"version\":\"1.3.0\"},\"device\":{\"viewportWidth\":1280,\"viewportHeight\":1024,\"screenResolutionWidth\":1280,\"screenResolutionHeight\":1024}},\"page\":{\"traceId\":\"9e4b58e0fea24b7489e78e56790574ff\",\"host\":\"rexas-com-claim.live\",\"path\":\"/\",\"location\":\"https://rexas-com-claim.live/\",\"referrer\":\"\",\"sessionPageViewCount\":1},\"context\":{\"userType\":\"c2\",\"visitorId\":\"f3c14641-883a-4696-908a-7da789a420d2\",\"sessionId\":\"f3c14641-883a-4696-908a-7da789a420d2\"}},\"events\":[{\"schemaId\":\"urn:shared:user:event:/rigor/page-navigation/v1\",\"data\":{\"eventCreationTimestamp\":\"2026-04-27T02:39:34.216Z\",\"navigationType\":\"navigate\",\"timing\":{\"navigation\":{\"connectEnd\":1777257572735,\"connectStart\":1777257572721,\"domComplete\":1777257574208,\"domContentLoadedEventEnd\":1777257574039,\"domContentLoadedEventStart\":1777257574034,\"domInteractive\":1777257573956,\"domLoading\":1777257573030,\"domainLookupEnd\":1777257572720,\"domainLookupStart\":1777257572667,\"fetchStart\":1777257572666,\"navigationStart\":1777257572645,\"requestStart\":1777257572735,\"responseEnd\":1777257572961,\"responseStart\":1777257572961,\"loadEventStart\":1777257574208,\"loadEventEnd\":0,\"pageLoadTime\":1563,\"domContentLoadedTime\":1389,\"domInteractiveTime\":1311,\"domainLookupTime\":53,\"serverResponseTime\":226,\"serverConnectionTime\":14,\"redirectionTime\":21},\"paint\":{}},\"traffic\":{\"pageLevelProperties\":{\"ap\":\"cpbh-mt\",\"server\":\"p3plmcpnl492539\",\"dcenter\":\"p3\",\"cp_id\":\"10027904\",\"cp_cl\":\"8\"}},\"producerEventId\":\"2d7b93ff-5d8c-4e5a-8fca-72f5c16558b4\",\"contentLoadType\":\"hard\",\"response\":{\"transferSize\":9612,\"encodedBodySize\":8739,\"decodedBodySize\":38808}}}]}]}"}},"response":{"raw":"HTTP/1.1 202 Accepted\r\nContent-Type: application/json\r\nContent-Length: 2\r\nAccess-Control-Allow-Origin: *\r\nx-bus-trace-id: 165895145798756552039006288331822245627\r\nx-envoy-upstream-service-time: 89\r\nx-error-info: 0\r\nx-request-id: 0bf4eb97-02a9-4f8e-94fb-bc916e409a40\r\nExpires: Mon, 27 Apr 2026 02:39:34 GMT\r\nCache-Control: max-age=0, no-cache, no-store\r\nPragma: no-cache\r\nDate: Mon, 27 Apr 2026 02:39:34 GMT\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=86400 ; includeSubDomains ; preload\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"99914b932bd37a50b983c5e7c90ae93b","sha1":"bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f","sha256":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","sha512":"27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd","ssdeep":"","tlshash":"c7100000000000c00000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:15:26Z","last_seen":"2026-04-29T07:34:52.566933Z","times_seen":605408,"resource_available":true,"data":null}},"time_used":230,"timings":{"blocked":26,"dns":8,"connect":4,"send":0,"wait":177,"receive":1,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-27T02:39:32.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 02:39:32 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AX4w5JxsS%2BCykjbngyyvRmg2KfHYmHfGrlKVLZ0xJO33hkzhtk5LJ1AVXOaYhUYdZ%2F870Dca7jsxecvRA187TXkuw54vjrn7XA4SzqCbnM95qAJuUDl1G%2FBxG0%2F0WNKI2a%2BCIQmiAA%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9f2a75159a445691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Slick","description":"","website":"https://kenwheeler.github.io/slick","common_platform_enumeration":"","icon":"Slick.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OneSignal","description":"OneSignal is a customer engagement messaging solution.","website":"https://onesignal.com","common_platform_enumeration":"","icon":"OneSignal.svg","categories":["Marketing automation","A/B Testing"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1090)","md5":"3118bc040c4cfdbce34f7ece8bd8bd33","sha1":"b2840a241eefe79c9903f6de73d92c5a99d9ca59","sha256":"c458063ba1bbc995128387dcab6047980bab99ee681dedecd0b42ae6046b24df","sha512":"1b04272d7a5c7a3ef3d0ee1edf45df1e714abef88dcadd4ca92d28b3f7d5a7c4aa328991243178ed83e74eb991c2c1abd25bb9a0d153dc2d53dca891eb3ed2c8","ssdeep":"768:848hacJ2SLj/EgJDzTyqAKpg/7p+uxREq8:848b0SLj/EgZfKKh","tlshash":"8603a424a1f1163b519380e1bb722f1b6f92c183d51e911872bc0bf96fd2d86dc6b1ad","first_seen":"2026-04-27T02:40:04.587281Z","last_seen":"2026-04-27T02:55:38.397384Z","times_seen":2,"resource_available":true,"data":null}},"time_used":361,"timings":{"blocked":68,"dns":53,"connect":1,"send":0,"wait":225,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/css/all.min.css","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/css/all.min.css HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: W/\"69e63f58-19261\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sOBsBMKHoh93CfL6uesB%2FkB7ItetBt92ekugQ8ztGrIXo8b1fF%2B%2BAWzoM7ktltTYD8D%2FfschM3n7iDcxaR%2BB1IU3sHzx8KimPlziAOe6S64Ki26GgxAcAlNZOSdHI%2Bdd3sONZpEsYQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9f2a7517ea5a5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":103009,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (52282)","md5":"c325be79a5ecca85d68eb9e5b65a547a","sha1":"f2a96686228994a46961657df4c9405afec8e9c2","sha256":"5ceaaba22d75b58e04150311f596306562a3e595e27ed4b1dfa451b82dda9e50","sha512":"4a71f958af9b67180f1ece38b96217f8b2c9009f7fd8f90f299e508808fa4daf3ac3e7ec6f64e47267d1c955f7a419cc15c57ba103c9925f507af4825abdd6e8","ssdeep":"1536:t1MCMPMCMjMCM4MCMwMCM3sVM3709gbQZMfjSFOlyPG9dXgRM0J:W709gUGGFwyPG9dwRM0J","tlshash":"16a3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2024-04-05T18:44:57Z","last_seen":"2026-04-29T06:10:18.854153Z","times_seen":8835,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/css/slick.css","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/css/slick.css HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: W/\"69e63f58-6ef\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dN3lRL3dMMeg1xDx9MWtKeswBQhUaL0U3LSHkl%2B%2FNOrsf6LYsb1QojBdaOE41RmdVW%2Fc5S%2Fq1uf7zHcC1YZt3qH8wFBhyGf4mpbcetN68zykGaq14lDV6FZefaTu6ZskBiL6iTqPAg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9f2a7517ea5d5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1775,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"18ef3d49eaeef37d9fa15c2516857f21","sha1":"bac3e06294b8940b53343b6b6108c6701fad6397","sha256":"58023f0aaa39c2e92e4c00e18b1225d85ea70edc0ce1d413c4e8ca7c1411ba14","sha512":"cfec1ba8cebc0c74968053cca7ca9085799589248fb02ec402345db584ea87a09b50d7ae3f48247b2d0013e315194c3a1c1bdc6ac4b38e33c05365cb085a33ff","ssdeep":"","tlshash":"1e31294845b389468416808d5fd7ca6d2bfff0130829e199ba8d1306cfce7d8a9c26b2","first_seen":"2023-04-19T15:20:34Z","last_seen":"2026-04-29T07:11:49.999777Z","times_seen":1124,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/3.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/3.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 9781\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-2635\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZjV72XjOBNOIGFfl2ycN21tW%2B6Fdx64KF1a9Zk74%2BJmNGuVNQzdHJSmi60hU5mF5a4H1ZAe2MYqD8VQQFYc2l7YM51MLPrduXmFBC2n6OV09rQFQR%2BzM4NZx%2Bx7PcakpZrw9j5C%2BlA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa615ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9781,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 610 x 87, 8-bit/color RGBA, non-interlaced","md5":"7c4a2e6deb7ebeb00819644a72443baa","sha1":"b30d38470deb64592160d404687af7b03f520724","sha256":"89bec1e9fad2581650c857c481f47a8b3868b2b91f0b9c7a1606101f17656f36","sha512":"71b015be0f1837793f09611e87f49582ae1087af606f4b0c1b930e3962e328336e8465b68a8ada0b4f5328e3caa5154b4d2149b0531fc916b1df6f3aa917f197","ssdeep":"192:XDZ2WRytfVnE5sDDYih8kNLON93LNssvaaGSp6epUV+gse1Obwg1q:F2WRyXrDL8kNyNpL/SatmV+kObwN","tlshash":"fe12bfce6d2369e3392cbce627dd63cc441c793520d2ce90a8cec51989f641ab800917","first_seen":"2024-12-28T18:16:17.974052Z","last_seen":"2026-04-27T02:55:38.392869Z","times_seen":9,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/8.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/8.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 8786\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-2252\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=caa4MvRgyc5eG6nPYxcNKuSZOQUZ1YyddqV4beZQliY978LursVoNng%2FaYZlk6WDwBHU5Zah1PD3%2BNHIiqwyoJBrpGLZhNz8ELNjvqUtTglc5IqDdkJPecGKMr%2B5LcP%2F6egIrbHPmA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa665ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8786,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 341 x 107, 8-bit/color RGBA, non-interlaced","md5":"08948c39a2a1ec53aedbf3d31dfdbdeb","sha1":"93e60018af7ca0dab2913b479530a8297740be80","sha256":"f99948f2c87123363eaba7f18a906967a32210edc6287f7679cc7601c72605c0","sha512":"a52da11a2de0e76b8e668a5fd93c9a3c7cd149e9dcc739d41f2a7778bd7fd421a744ab3d0972235a650bb102be235930e9d13d59e7e12a7694c66c0481687c1e","ssdeep":"192:BpJkLLZChbPxGEdGbx38q6fWPiwvRxiedooTZgZ1clPyIUt:BfkLFCLDGbx38qZPWeOObKt","tlshash":"7e029ea2f19538c412d99cbafd6d11942e9f303c15973768fc08d2db8b475e622806c3","first_seen":"2024-12-28T18:16:17.981159Z","last_seen":"2026-04-27T02:55:38.40328Z","times_seen":9,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-MS4W49TJ","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:14 GMT","end":"Mon, 22 Jun 2026 08:35:13 GMT"},"fingerprint":{"sha1":"BA:9E:A9:01:73:30:25:9B:9B:28:25:39:24:13:22:55:3E:F0:57:C3","sha256":"9D:AB:4E:BD:B4:98:3A:1E:70:9C:42:A2:E1:DA:0E:18:3C:BB:D8:2A:58:08:F5:85:3D:36:0E:1A:7A:27:AC:5E"}}},"request":{"raw":"GET /gtm.js?id=GTM-MS4W49TJ HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\nexpires: Mon, 27 Apr 2026 02:39:33 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Mon, 27 Apr 2026 00:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 110921\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":316826,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4494)","md5":"fe2eae895d14cdb9dea439a420ea93bd","sha1":"efe40e67ae873049ef5c3832fdfa9f8fb0cd5119","sha256":"b2960fa2a3dc573eb2b0d226f2f61e1f731d8f42644cb6557a32f50ecfec1e93","sha512":"341975dadd75259c3969967f4c7b4cd1506333109445e3ecab8b55047107617de1d98b4601a81b36ddc98a0a9650f7eeca9c39aed3e6e6eb37314bf5129e038a","ssdeep":"3072:De+UWHzdkfuzVo4lEHaJeB0RjaMbraAyCQsVjgzLLA6UeCnwvpASTbquCKVqNGyk:6iFze4lEHaJMOg3LDUZApASTbqjKVgbg","tlshash":"f964f8cdb3da746683a3a478903f114bb23a7892f84cc899f182d8d42d746694277f7d","first_seen":"2026-04-27T02:40:04.592844Z","last_seen":"2026-04-27T02:40:04.592844Z","times_seen":1,"resource_available":true,"data":null}},"time_used":299,"timings":{"blocked":96,"dns":5,"connect":15,"send":0,"wait":49,"receive":53,"ssl":79},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://rexas-com-claim.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 8000\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 21 Apr 2026 06:02:31 GMT\r\nexpires: Wed, 21 Apr 2027 06:02:31 GMT\r\ncache-control: public, max-age=31536000\r\nage: 506222\r\nlast-modified: Mon, 15 Sep 2025 16:33:57 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8000,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 8000, version 1.0","md5":"72993dddf88a63e8f226656f7de88e57","sha1":"179f97ec0275f09603a8db94d4380eb584d81cd5","sha256":"f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149","sha512":"7c20165f9d22a86341e841fd58526209017dcde2afe2d0d2a89fe853d95dc69f658d25cf798c71f452dab09843fc808c1ae87a60b1284134163abf5a1d93e50a","ssdeep":"192:GDonmfrEdXT8WrxzRXwyQo3zGEOM7Y2hOMgWnsfYSjv4ENFGwrlKJ:8onPxTzjgyQSzLPXOTIYHJAJ","tlshash":"08f1b0ffa92456c4df692475a5044f27623652b4dd35cb2f496f3e12d2d74224bcc4c1","first_seen":"2023-04-05T18:53:14Z","last_seen":"2026-04-29T07:34:57.706247Z","times_seen":220719,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":117,"dns":1,"connect":15,"send":0,"wait":15,"receive":2,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/css/bootstrap-icons.min.css","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/css/bootstrap-icons.min.css HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: W/\"69e63f58-14f7d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YufuMU%2FUrdP6t49rexN7Jt8zz%2FD7y4C1VyfY%2BtzlLXTNyiiXZeYEFfVxcydBSw6Uu7DrO1%2B4bOg4jVZ5qsUHNfISk6mBk3hCRdzncEMp3LNcfTwxUtE07%2FOthryAQyejEiF1RH3qRg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9f2a7517ea5b5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85885,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65354)","md5":"19bfba379e6ab8507c00c6b10c066815","sha1":"f302675c3945bcb2784ddebc002546d6fc8adf70","sha256":"4a536b78e1eea6753318403b224b25e4566e8bfe42c44f6e922b589dd67755be","sha512":"f6406507cde2fcefa927af4df7b0b8e0db68b9822a8b10fcbbeb81ba3c5f619f6fd30f6ce44143fe80974e39bf22450d09af46d676e24c7e4a5a7289181c156d","ssdeep":"768:LPcr8JUkZrpULKt4bDcf3oQpeqfZs0BWeUz5+XIHx5qkgwTz:TrpEKt4moUeqfZbc5+XIHZz","tlshash":"7e83fbe8e18d05e8f372c49faf42775e31aafa3cd5811c68f14a111d5ac26650ac7fb8","first_seen":"2026-04-27T02:40:04.59531Z","last_seen":"2026-04-27T02:55:38.398046Z","times_seen":2,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/fonts/bootstrap-icons.woff2%3Fdd67030699838ea613ee6dbda90effa6","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/fonts/bootstrap-icons.woff2%3Fdd67030699838ea613ee6dbda90effa6 HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/assets2/css/bootstrap-icons.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PLS3N6slxpVcoLrcqlz4Dp0GWDnYluLg5W2CQpsNVsf6em8rVEWMiSiBJ6BnEjiGYq27s%2B7%2FS10tpdd5KIhohKf3bu8B43XLFAMxWHx6ADlUjJ9vH18qQ%2FGfcqkS4v5%2Bh9%2BvEeFALg%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a751c6adb5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Slick","description":"","website":"https://kenwheeler.github.io/slick","common_platform_enumeration":"","icon":"Slick.svg","categories":["JavaScript libraries"]},{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"OneSignal","description":"OneSignal is a customer engagement messaging solution.","website":"https://onesignal.com","common_platform_enumeration":"","icon":"OneSignal.svg","categories":["Marketing automation","A/B Testing"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}],"data":{"size":38808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1090)","md5":"3118bc040c4cfdbce34f7ece8bd8bd33","sha1":"b2840a241eefe79c9903f6de73d92c5a99d9ca59","sha256":"c458063ba1bbc995128387dcab6047980bab99ee681dedecd0b42ae6046b24df","sha512":"1b04272d7a5c7a3ef3d0ee1edf45df1e714abef88dcadd4ca92d28b3f7d5a7c4aa328991243178ed83e74eb991c2c1abd25bb9a0d153dc2d53dca891eb3ed2c8","ssdeep":"768:848hacJ2SLj/EgJDzTyqAKpg/7p+uxREq8:848b0SLj/EgZfKKh","tlshash":"8603a424a1f1163b519380e1bb722f1b6f92c183d51e911872bc0bf96fd2d86dc6b1ad","first_seen":"2026-04-27T02:40:04.587281Z","last_seen":"2026-04-27T02:55:38.397384Z","times_seen":2,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":114,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/3.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/3.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 45435\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-b17b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FBdtli0zzNnik42aucb4bAjIXrq1FHPXSDLEuPDh5cnhARTs81VrCo53GefOqnyDaCVyQf9xu8G%2BO2dG84R4Ok%2Bz26xUq61T%2FDVXTUiUZ2lYPK88vIKNUpZd8QPQ1Zz%2BhO7MKMggkA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a75180a735ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45435,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 420, 8-bit colormap, non-interlaced","md5":"eeab6645df93ecbbac90dddcd1bb023d","sha1":"6da0161ec7e5c0f2aa98178102c412cc175ff5f3","sha256":"a71901b7c56bf814936b3779a6309da5633b9bbab02df751d1de050b3ef363af","sha512":"31469a5ed860f6a53e837892a52f35f2023fbd2514d9d30c81892e19a091519f0c496b5cdddaa5fcd8f865ffe3835aa8d4dd56cdffb38eb31bb6d2387e24fadb","ssdeep":"768:Urb0kdSlOIb941RE+Jf56SlBUonfRI1TRKVJ7RJVYGLAcVvAkfCEe2:UngKRfgSXlodKVJ7RJGCxxC72","tlshash":"9f1301122dc65b28a436f9c7710e2991cf6a209ba5ba116c913551f3f313f06a0ba68a","first_seen":"2025-09-08T09:28:19.691992Z","last_seen":"2026-04-27T02:55:38.403841Z","times_seen":8,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gtranslate.net/widgets/latest/dwf.js","fqdn":"cdn.gtranslate.net","domain":"gtranslate.net","tld":"net"},"ip":{"addr":"104.26.12.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gtranslate.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 01:40:44 GMT","end":"Thu, 28 May 2026 02:40:40 GMT"},"fingerprint":{"sha1":"F0:7F:B1:BC:BE:73:55:AD:38:9F:92:6F:D6:4E:DB:1C:05:30:A3:80","sha256":"32:CE:74:34:FD:C2:62:30:95:38:1B:13:E0:4F:A0:DC:0F:1D:D8:44:4D:60:AF:C5:1C:94:AD:15:57:F1:6F:2F"}}},"request":{"raw":"GET /widgets/latest/dwf.js HTTP/1.1\r\nHost: cdn.gtranslate.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 18 Dec 2024 23:02:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Fri, 26 Mar 2027 12:48:23 GMT\r\ncache-control: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nue7Zi0%2F1bu0Ql5DnvDnkFu7QsQYJa2Y0jSEKIFa9ML%2FXNopVzYyz5n96NVYX0CyStBnUEuRDgdYg4SvwFC1yLHYBenFJwPquaEH0vDBPLmpT5nJ%2FBb9H7iyBkyKZKj%2BI2GVFQ%3D%3D\"}]}\r\nage: 2728269\r\ncf-cache-status: HIT\r\netag: W/\"6763547c-519e\"\r\ncontent-encoding: br\r\ncf-ray: 9f2a75183efab509-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20894,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3129)","md5":"045e5b73ed912826c121b43dde0c62cd","sha1":"b7eda70a8c647c2f1cf131fd28faff9dacbdfcbc","sha256":"47124c8f95a929f5753a8f602d70bbcceb5f2511488c3de0fffee6865b89513e","sha512":"a71e02fbf9a755034db82e69e2e7af065f3d1cda4af47e40bf757d9dbed9ce477d9a26ba9bd6524ddd0fe7cc21945270655fbffac9d0c35543ba2a5322cafe24","ssdeep":"384:AzCKMPZATN09o0mtYo8XgV8lvSdDswFi2hS4DMbH:AVMhAh060sYo8Xk8lqdpk","tlshash":"0192f96611f7003e9917036aefbe4b1c60b902774004e920bfaedd829fc1998c677ad8","first_seen":"2024-12-27T12:55:51.254789Z","last_seen":"2026-04-29T05:22:49.224307Z","times_seen":1039,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":3,"connect":1,"send":0,"wait":7,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"95.101.10.131","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wsimg.com","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Fri, 05 Sep 2025 18:24:05 GMT","end":"Wed, 07 Oct 2026 18:24:05 GMT"},"fingerprint":{"sha1":"0E:95:B5:3C:BC:57:5B:29:44:36:31:82:4A:13:83:C0:BB:C6:51:2D","sha256":"2E:41:DD:15:BE:3D:3A:3A:29:F0:65:E6:52:EC:88:54:C4:60:01:9E:68:96:30:F3:2A:31:D9:A1:95:CA:69:24"}}},"request":{"raw":"GET /signals/js/clients/scc-c2/scc-c2.min.js HTTP/1.1\r\nHost: img1.wsimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rexas-com-claim.live/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: MSgmliDdZBQGdSEEp9qD8Kq8MZllzM/JhNb6N0YfUYh20iECfR1soMRJ/KsDDD9G5Y5ewhZA2Ymzv53igq0mOg==\r\nx-amz-request-id: BWNG8EG52H983XS8\r\nlast-modified: Thu, 19 Feb 2026 18:11:28 GMT\r\netag: \"6b309239dc60d45e344f4d49a2c5f041\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-version: 1.3.0\r\nx-amz-version-id: 5rz5mfani0A4Sx2XrwmZgSvEFZ7uFBOZ\r\naccept-ranges: bytes\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=1800\r\nexpires: Mon, 27 Apr 2026 03:09:33 GMT\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-length: 21133\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":104464,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6b309239dc60d45e344f4d49a2c5f041","sha1":"c3f931166c53c402c065d8d63119f1009bb30ccf","sha256":"aed4593b11665f063ca6e5e6184435777c74615f5b5991ccdf4acfb8b08e2431","sha512":"4486905b59f275f398b0ffb6aa63dd92662a12d674861b2464a11797f6d0c322df6504f16dbd7c67b3562a9af55e32f344ee8ebc6b5dea2af869630099341a37","ssdeep":"1536:CzSGh6DmEMRNJHY/vbV4vlzH9UOa3mTM+xLxCLuf:8N9Y/ZE1f","tlshash":"33a3a598f6a1f07142e76165412f010bf379a966b0aed0d4e725e8f4adf84ce8173f29","first_seen":"2025-10-08T00:41:42.369445Z","last_seen":"2026-04-29T07:34:52.566274Z","times_seen":19710,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/bg-1.svg","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/bg-1.svg HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69e63f58-13007\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Gpqk040eX33SJsbL1YArHMV%2Fc1deyW7zMAwG2TyYDJ4qqrIbcNvfF49MuJZGG4xHav6eqfJ533tH%2F7DH8G1OmIE8t5nLs%2Bg%2FKveWnVJemNlwnS69%2B1WKf6X1bSvTb3u5ev6advhsBQ%3D%3D\"}]}\r\ncf-ray: 9f2a751c3ad45ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77831,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c10e4b0b1fe0eb75aa397a30ecc600e8","sha1":"3a1e4443e1471e66d1164e771250537064776d87","sha256":"a198428c67c7e42522b974456c32955e7d55a5334f6a051210f2a29720e2b64a","sha512":"309848b69709c328f2570c797bbfc47b244da60400e1d437b24a853117cdd29c4db49ea10acfd1cd9df78230fd5bd6aa9678cc8630e61905565789117806ec24","ssdeep":"1536:M9njtdbb61iRV3X3hXBLhOwy0OU5jpdLsYxbA4TTc5s44Qu085:8nBdbb6gV3X3J9y0R3dLsGc4fb1N0i","tlshash":"b27302b33312cf1d9e041d98a28c5045fd19cecbe3597698c6c45f6e83afa3486260af","first_seen":"2025-09-06T14:26:30.559086Z","last_seen":"2026-04-27T02:55:38.420287Z","times_seen":11,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/bg-2.svg","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/bg-2.svg HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69e63f58-c429\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GUH6flUqIN8dBpSHijhw54vMR%2Faqm5ixF0EWMTXACbMGWEfMZ38dZFq0V2hva0l4cemWMg2iZz9LaHpF%2F0qpbLLXaAyVyFeQluqXQZNqveDRZQmgiyY%2Ba2fFWTUU%2FfdRXLDfmPOWBg%3D%3D\"}]}\r\ncf-ray: 9f2a751c3ad55ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50217,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b350f8a55761c0412e4e8922f0e59ba9","sha1":"d9634b31a71abdd29edce4dfc3398a9d5f5f8835","sha256":"46808134a5d474bf1529952d03df45e44231954c8beeeeb492094cfcaeb5d833","sha512":"9a61ef9c10a6485c475e6725e19f13532441ada791cb59105a95f3a603714a53bb3f278a84a170fcb106bcb066798f774a91144816d236a1c659153099deef6f","ssdeep":"768:hj11ihmKMg2FqFkKzxMRIcQshvi49wBkf58kxx+JpgQnaxKLG:hB0X8SxRUf9VBb0pgQGK6","tlshash":"7533d036923ffedf739c1d04f68922148c5d2c8fa64e4442a5d1977252a5a881faf4fc","first_seen":"2025-09-06T14:26:30.581367Z","last_seen":"2026-04-27T02:55:38.391695Z","times_seen":11,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"csp.secureserver.net/eventbus/web?clientid=b18ef4f046435b64a469b32c3c1c20a3","fqdn":"csp.secureserver.net","domain":"secureserver.net","tld":"net"},"ip":{"addr":"23.44.47.70","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:34.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.secureserver.net","organization":"Special Domain Services, LLC"},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Thu, 23 Oct 2025 00:07:48 GMT","end":"Tue, 24 Nov 2026 00:07:48 GMT"},"fingerprint":{"sha1":"0C:85:75:97:2A:6F:2B:92:48:28:1A:FB:30:8A:C4:98:A7:9E:26:CE","sha256":"2F:4B:65:33:11:10:9D:A1:94:4B:5A:5D:40:E6:63:70:B6:7E:1A:7F:E7:90:E4:E8:F4:4A:37:2E:94:17:64:AB"}}},"request":{"raw":"POST /eventbus/web?clientid=b18ef4f046435b64a469b32c3c1c20a3 HTTP/1.1\r\nHost: csp.secureserver.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1061\r\nOrigin: https://rexas-com-claim.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1061,"data":"{\"schemaId\":\"urn:shared:user:events:/v1\",\"data\":[{\"global\":{\"traceId\":\"9e4b58e0fea24b7489e78e56790574ff\",\"client\":{\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"sdk\":{\"name\":\"scc-c2\",\"version\":\"1.3.0\"},\"device\":{\"viewportWidth\":1280,\"viewportHeight\":1024,\"screenResolutionWidth\":1280,\"screenResolutionHeight\":1024}},\"page\":{\"traceId\":\"9e4b58e0fea24b7489e78e56790574ff\",\"host\":\"rexas-com-claim.live\",\"path\":\"/\",\"location\":\"https://rexas-com-claim.live/\",\"referrer\":\"\",\"sessionPageViewCount\":1},\"context\":{\"userType\":\"c2\",\"visitorId\":\"f3c14641-883a-4696-908a-7da789a420d2\",\"sessionId\":\"f3c14641-883a-4696-908a-7da789a420d2\"}},\"events\":[{\"schemaId\":\"urn:shared:user:event:/data-platform/signals/page-view/v1\",\"data\":{\"eventCreationTimestamp\":\"2026-04-27T02:39:33.956Z\",\"forensics\":{\"traceIdAdopted\":false},\"traffic\":{\"pageLevelProperties\":{\"ap\":\"cpbh-mt\",\"server\":\"p3plmcpnl492539\",\"dcenter\":\"p3\",\"cp_id\":\"10027904\",\"cp_cl\":\"8\"},\"customProperties\":{}},\"producerEventId\":\"e4637657-c8e6-4ffa-b3b8-b3e019b26466\"}}]}]}"}},"response":{"raw":"HTTP/1.1 202 Accepted\r\nContent-Type: application/json\r\nContent-Length: 2\r\nAccess-Control-Allow-Origin: *\r\nx-bus-trace-id: 5051352335464715640381434427941599002\r\nx-envoy-upstream-service-time: 85\r\nx-error-info: 0\r\nx-request-id: bd06b667-5c54-4601-b1d2-a57aad078c9e\r\nExpires: Mon, 27 Apr 2026 02:39:34 GMT\r\nCache-Control: max-age=0, no-cache, no-store\r\nPragma: no-cache\r\nDate: Mon, 27 Apr 2026 02:39:34 GMT\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=86400 ; includeSubDomains ; preload\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"99914b932bd37a50b983c5e7c90ae93b","sha1":"bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f","sha256":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","sha512":"27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd","ssdeep":"","tlshash":"c7100000000000c00000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:15:26Z","last_seen":"2026-04-29T07:34:52.566933Z","times_seen":605408,"resource_available":true,"data":null}},"time_used":311,"timings":{"blocked":27,"dns":11,"connect":1,"send":0,"wait":257,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js","fqdn":"cdn.onesignal.com","domain":"onesignal.com","tld":"com"},"ip":{"addr":"104.17.111.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.onesignal.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Apr 2026 14:18:08 GMT","end":"Tue, 14 Jul 2026 15:18:03 GMT"},"fingerprint":{"sha1":"F4:6A:77:31:26:79:DC:7D:5B:F0:38:1D:AA:87:BD:6E:E2:18:67:65","sha256":"84:BA:CA:D3:A0:DA:D2:44:26:68:D8:BE:AA:6F:51:D7:7B:72:1C:11:DA:47:4B:7E:4B:42:EF:BC:62:D2:76:4E"}}},"request":{"raw":"GET /sdks/web/v16/OneSignalSDK.page.js HTTP/1.1\r\nHost: cdn.onesignal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: application/javascript\r\netag: W/\"a00076bd699df812e779da9a4115e447\"\r\naccess-control-allow-headers: OneSignal-Subscription-Id\r\nserver: cloudflare\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\nset-cookie: __cf_bm=jJcKzIpNEM0p9diFlax1e151U9rL1UOpUa_PU6ji3Vo-1777257573.1298406-1.0.1.1-g1oNc.jNUgBEMwNTNhdELEZXZXr.IXwJe_yoZ1lsUdvlqkR7FebpKuGcsK4VfcJESuhZpT_YDtuHEMeWwDjoe1itzZEDw56J.OArSfLt74i2YkP7MEF__0hvr7Z6aY9M; HttpOnly; Secure; Path=/; Domain=onesignal.com; Expires=Mon, 27 Apr 2026 03:09:33 GMT\r\nage: 2411\r\nexpires: Thu, 30 Apr 2026 02:39:33 GMT\r\ncache-control: public, max-age=259200\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\ncontent-encoding: br\r\ncf-ray: 9f2a75180b595ebd-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":590,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (544)","md5":"a00076bd699df812e779da9a4115e447","sha1":"f34870bb42ddf743ecf904561fc2ad6fafdf74d1","sha256":"b654b653e01469d2098282d49bf728c4d90d0f736c02618f72a78d0d6089e86d","sha512":"1b0cc0e49200c254915e559359051db46a437aa8c50d105ed559a10f8f563039377f16d80eba84131dfeef677630056aa11df27785ae10103c5fee1ff1a1797f","ssdeep":"","tlshash":"77f0e18b5b702a24266d488a673384496332a12cd8f690d1b7cb485c3011fa6879be3a","first_seen":"2026-04-01T02:18:52.83901Z","last_seen":"2026-04-29T07:29:28.025036Z","times_seen":1029,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":2,"connect":1,"send":0,"wait":7,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/js/slick.min.js","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/js/slick.min.js HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\netag: W/\"69e63f59-a76e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yYJ%2Fsn8Wwlylz36H8wTOoj26%2FkD69LhPv98I0te9QYeUtwPi95x1oQURHauU1xltNXJVX9o0XZBSuGGoOU0c1VDvOGetfprCJmP0IT2hmhgMrpGewrATLwPJYjVzY6rOdaJuVlLUpQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9f2a75180a795ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42862,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (42862), with no line terminators","md5":"efe2dc57bf7b73137e9642e586ee272b","sha1":"ef584add252ef75060da8df06eb5e859caaedb37","sha256":"27bebe78e3b6a4b1664dd4fa83a8cd0187f051631a06248fefa3ef3991a5a92a","sha512":"5bed459f087e94f50bf65f4aac3b77314d2128c6f47480ccb3f405fd8a81e5352a68076d341a8d24572168afc5edcb447d590e7bbdcd834b3f87cbea13126f25","ssdeep":"768:4rkkX123A5YHi6pWzYdlNWYcx16nnYdXRRMd2KYCQCsPShb1ez7RFmYf:EPrYdlNixEePiYf","tlshash":"0513a549d205276285d721e62105c40eb3f7fb3cba22c0e475c9d3ea646ec4896d7bfa","first_seen":"2023-03-07T01:10:46Z","last_seen":"2026-04-29T07:32:46.490195Z","times_seen":6817,"resource_available":true,"data":null}},"time_used":231,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":231,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/body.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/body.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/assets2/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 523776\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-7fe00\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=501MM3gPvYei%2BOkFHPPr1XPXMStZEUz%2BAgr41645LFyWC7alQiXNTveEx%2FaEMHWooKwpQKK0cSP2zA1SouKmcicPCHXbju%2FwOp0Pr6Jz%2BcSBhnIqVEPAnwwUm29fS4lt0zObnq7cig%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a751bcab55ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":523776,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1080 x 5422, 8-bit colormap, non-interlaced","md5":"30cbdcad6f83a616b5066ecb8d5d014c","sha1":"08118fb7f6fdf26397d1b3891bd628e477d3a8f7","sha256":"ee3a6f6abab7117ca7eb0b6ee90968402ab5b8abd99db028f975037b4e453e27","sha512":"2f569744be07b4fc31105057db79c9e2fbd7f5ec1f1821cd72cfe7ec772d64c6ed42e336f068b3cc10fc0390993b5d6161daa02767af679dd158b1124f9f733d","ssdeep":"12288:avb7Fj63Q3SpE1TY1iZaOMsEow7FOmJqrVcbMrKpRuf:azhe3QipSY1WIsEpRYVcbre","tlshash":"ddb423d4afca005a80671cbcc0025df598a16fc0e4b6f9e24b677c0e9d5f19c6e990af","first_seen":"2025-06-19T19:59:31.773467Z","last_seen":"2026-04-27T02:55:38.395476Z","times_seen":11,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":165,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/10.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/10.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 4946\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-1352\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HMyfxU5s1FTkIwAmlEdHaOxUftn%2FQlLnfi9NyPcoIWQ3VWT407AHpOOg3Ey6Y5RJklUwQhLVo40PGHabbjnes8nRGvAIbGgplVJWgT1r0gtnqeXDVkKmBMZ%2BYj5lP9cw4fWRtZXOhA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa685ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4946,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 389 x 55, 8-bit colormap, non-interlaced","md5":"d81793f1e8f34b951812e19a5be01b2a","sha1":"b066dc64dc7a0b22cfb978ac831c64e57e58da07","sha256":"5b6cfc208b4e75404cf3d93f631fec6dfb06e511d7d81dce7a6ee887d6c3b0cd","sha512":"b30c2803c1bbb36ffe2a42ea75bbf7f05c9f04c07607d03a232339a4b631d5718773e8dc6655c63fec5d6762dc9e2ae528579f888819fa7778b4b0fb841d71cc","ssdeep":"96:7xXZOSkEBIH+SwXkM8KTcpkxGLkQM+PGvPCRWlhSqdiQCq8KCqKpt9o:FXZJWJM8KXa+bhV2q8KCqKp8","tlshash":"4aa15c085174edf76358842eed74f32a9d277c1aeaa4a016cc94712b73b82b9250b457","first_seen":"2025-01-03T12:55:47.43919Z","last_seen":"2026-04-27T02:55:38.409142Z","times_seen":10,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/js/app.js","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/js/app.js HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\netag: W/\"69e63f59-3c9\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b%2BBPqnJ1OdGqO9XEKbJpvfmwjaDdDr7LXPGg30QmH2iUz%2F1lKSEXqsVPtqCVZ6w3Ug028H236o2vQtp83Vy4mzgs9syCxNltSCb2jXffxd1LG9LXMsWGZg0beYTctazilDgsydEStA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9f2a75180a7a5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":969,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"a7a1cdd5318110c34da202779a4d7cc7","sha1":"549520e00b5d7629ef0b7336a666ece5d57bb985","sha256":"c0a93b2102273428dbc1e4e966cde6c6757441062ea9e24f4d615061d35716a9","sha512":"743f68afabca12faec7f9adf3b73081a1292ae21d31b62ea164ebea1ab119b1d935d72eb4eebe8afd7efc06a8b91c59a84ccf50d593960fc61a7a00cca1f819c","ssdeep":"","tlshash":"c7119c0bd8766463602f517eda2ee34567a5400759ea6cb0bacc01840f4d0ae36f2afc","first_seen":"2026-04-27T02:40:04.608885Z","last_seen":"2026-04-27T02:55:38.404454Z","times_seen":2,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gtranslate.net/flags/24/en-us.png","fqdn":"cdn.gtranslate.net","domain":"gtranslate.net","tld":"net"},"ip":{"addr":"104.26.12.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:34.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gtranslate.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 01:40:44 GMT","end":"Thu, 28 May 2026 02:40:40 GMT"},"fingerprint":{"sha1":"F0:7F:B1:BC:BE:73:55:AD:38:9F:92:6F:D6:4E:DB:1C:05:30:A3:80","sha256":"32:CE:74:34:FD:C2:62:30:95:38:1B:13:E0:4F:A0:DC:0F:1D:D8:44:4D:60:AF:C5:1C:94:AD:15:57:F1:6F:2F"}}},"request":{"raw":"GET /flags/24/en-us.png HTTP/1.1\r\nHost: cdn.gtranslate.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: image/png\r\ncontent-length: 550\r\nserver: cloudflare\r\nlast-modified: Mon, 07 Nov 2022 15:42:08 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XPW6Nt2eFHxiLDL30b%2BqCWhL6QcanlWOj%2BnJXx1%2Fp4%2FX5QXicNJKKaoAuXluEUUw9zRrp7%2B%2B39UMsUQ9Lr2lDJd9HJfWI3kg10e4IzuqcSI5URMOAOWI9o0cS1kmgXtxGN5tlw%3D%3D\"}]}\r\netag: \"63692750-290\"\r\nexpires: Sat, 10 Apr 2027 08:21:22 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4;i=?0,cf-chb=(89;u=4;i=?0)\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: ok, orig_size=656\r\nage: 1448291\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncf-ray: 9f2a751d98ccb509-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":550,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"8d9aaedf287ae36a3a3ff6c278f7bd6e","sha1":"2dabfd9612ac251de351549a90d947917d70c7a2","sha256":"5f6e94cecd1a40df47417c30488a05108f8151a64eee2f89763d00b3198550c1","sha512":"d7bbf5225b40b300f39707f1b38c84aaf1b333fffd7e8dc0cfeb079ea56d13d493d16f59e5ccba8c138b8a4f7a8f8b493c28668a42c406c98e370a387e7bd6be","ssdeep":"","tlshash":"76f090aa259a3808d22eaf6b425fc823e54048d0498e008aa03cfa0d1ae0a8933cc1c9","first_seen":"2024-10-01T22:43:11Z","last_seen":"2026-04-27T18:22:48.187997Z","times_seen":285,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/fonts/bootstrap-icons.woff%3Fdd67030699838ea613ee6dbda90effa6","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:34.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/fonts/bootstrap-icons.woff%3Fdd67030699838ea613ee6dbda90effa6 HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/assets2/css/bootstrap-icons.min.css\r\nCookie: _tccl_visitor=f3c14641-883a-4696-908a-7da789a420d2; _tccl_visit=f3c14641-883a-4696-908a-7da789a420d2; _scc_session=pc=1\u0026C_TOUCH=2026-04-27T02:39:33.956Z\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gx8oHV5qZd0oDrSQIAJkD3AMh15DictRaWUJaLax%2BB6YlXs2yp8dv27tMGxA%2Fop188ieINwqS7sKsMGOZIeRREoBjLO5R4KmGXXDRS1It5xYOoQa6dDh30P%2F%2Be5VfRLjEymjBgBnEQ%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a751e1ae95ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"OneSignal","description":"OneSignal is a customer engagement messaging solution.","website":"https://onesignal.com","common_platform_enumeration":"","icon":"OneSignal.svg","categories":["Marketing automation","A/B Testing"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Slick","description":"","website":"https://kenwheeler.github.io/slick","common_platform_enumeration":"","icon":"Slick.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1090)","md5":"3118bc040c4cfdbce34f7ece8bd8bd33","sha1":"b2840a241eefe79c9903f6de73d92c5a99d9ca59","sha256":"c458063ba1bbc995128387dcab6047980bab99ee681dedecd0b42ae6046b24df","sha512":"1b04272d7a5c7a3ef3d0ee1edf45df1e714abef88dcadd4ca92d28b3f7d5a7c4aa328991243178ed83e74eb991c2c1abd25bb9a0d153dc2d53dca891eb3ed2c8","ssdeep":"768:848hacJ2SLj/EgJDzTyqAKpg/7p+uxREq8:848b0SLj/EgZfKKh","tlshash":"8603a424a1f1163b519380e1bb722f1b6f92c183d51e911872bc0bf96fd2d86dc6b1ad","first_seen":"2026-04-27T02:40:04.587281Z","last_seen":"2026-04-27T02:55:38.397384Z","times_seen":2,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/css/bootstrap.min.css","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/css/bootstrap.min.css HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: W/\"69e63f58-38d35\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZT6db30Vm9%2BgeXh%2FnFlNxmaTOuuiunt3AIQboNC4VnOKLyXwEBsCjtB%2BNavHBbFdO9S1FEoG20tNdyL5Ry9PZfxg4DlQ1PBeLIuElvLXpAG9lNkPIgM6Qa7KEXcRvxiqcNshxnjbmw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9f2a7517ea5c5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":232757,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"c45b0ad5d4969c24fcb0488a660b2fdf","sha1":"501e70d68fadd5ca2af8266654981e752e54a3c9","sha256":"38ebdfa27b71528b64c4933fbb4403bfbccd4dd8434bb8f674ddf0e6fa161fec","sha512":"74e7c6db8d1ee26faacd27e6423809c7f60b80e90e9b81b6db1a4d75b7b55dffa09f6cb6d60f34fad00c9924cc64720d69cb655469291ec1b42f1a7ebbcf995a","ssdeep":"1536:O9YnIWbn98fdRfvO5wlP77k9P3EV98IsYRElV6V6pz600I41A:RnIw98fbV986I6V6pz600I41A","tlshash":"883482d6f590317d9ca7c1499681fefd896fa985cb120aa6f003776807cabd30962dcc","first_seen":"2024-10-24T21:44:25.641421Z","last_seen":"2026-04-29T03:03:35.756469Z","times_seen":700,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/6.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/6.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 30975\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-78ff\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZU0jZDUkLehW%2BlP6BFUyc9o8TeLPxxLOMMVjbsYoDeF0aMdICX6oZa1Q8iACyEsnyC83rpGlviheQf58bWBSSG5DK7qEqTQ3uqtdUUixK94vztm1N7rqMqr0%2Bdigp9hd6E5ZGlKpzQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a75180a745ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30975,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 420, 8-bit colormap, non-interlaced","md5":"4a98800b1d771e96b0a8dadc114996eb","sha1":"220ba98f131289509ce98664586f7ba49d84f50e","sha256":"be3994ccf9c81ef6b2483a53722857f26693885ab123d392017631def7428d55","sha512":"ca884539e285eac3fd4be8864a75009b7372dac43a15637453720f7570603ddb44d3fac9743faa04b9d84fb4fbb72781de0b46f2d1c3a52a1d305defc79b6ee2","ssdeep":"768:w5Wg5eO15pwFoNKRFRSMthA+1pBkY4PjNVYB7Poq1AAucm:w5fwOCGKVSMthPpYPjsyFcm","tlshash":"13d2f1a78ed49ae3602ecdfd9a01356e1470b7b1f12684dac051d6a7d508a99cff30d3","first_seen":"2025-09-08T09:28:19.667096Z","last_seen":"2026-04-27T02:55:38.410792Z","times_seen":7,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/js/jquery-3.7.1.min.js","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/js/jquery-3.7.1.min.js HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\netag: W/\"69e63f59-155ed\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8SyONZ1RJpdFcUKGX1%2FW4e2gPgw%2B4tUrYVic5hiM3ZMq1V0vR35y6lH3IS9DQU8VDNYzAehOXWSsf7C3PoTgxjn387oI%2BrHlIdCRmv7lRdRm57OpuhuYt9NJcEQDzjkttVcYlUSFEw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9f2a75180a785ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87533,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-04-29T07:32:02.255393Z","times_seen":146348,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":239,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:9D:A0:A4:A4:3B:62:A3:D0:B3:63:4B:5B:C3:1D:9B:09:43:3C:91","sha256":"DB:10:40:08:19:EF:D7:9C:5F:11:BC:78:DC:9F:81:F3:9E:A7:30:2F:1F:06:C8:C4:A4:DD:BC:C3:27:6F:2A:AA"}}},"request":{"raw":"GET /css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 27 Apr 2026 02:39:33 GMT\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21659,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"17ded04af7b0636d4f8c934291f09ac8","sha1":"d7766b8a83cf1d92c52f7a94654999e4b033365e","sha256":"54985fb48cc0470e63eaaf30034b348ed6bd73cac3f6a759bc1a1c19387af7e7","sha512":"ce25e5ca2afca5d262b17c8d5c5667cccaebce41eacc6afb16f5cd89a838bfd3192564f9a28b450646f2a2fd76414c462f095065c3a45ca72ce31df9c257748d","ssdeep":"384:H3w3s3VR9xqWSUq+DnLami0A0BNBOi/mkX:XEA3mkX","tlshash":"5fa27ad1087be114ab871cc122cf6d36ee0ea254b850e9786bfd1cd8ad97c654371b2d","first_seen":"2025-09-17T03:38:53.893526Z","last_seen":"2026-04-29T07:32:34.838142Z","times_seen":37988,"resource_available":false,"data":null}},"time_used":486,"timings":{"blocked":218,"dns":3,"connect":14,"send":0,"wait":43,"receive":0,"ssl":205},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/fonts/accelerator.ttf","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/fonts/accelerator.ttf HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/assets2/css/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 17892\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-45e4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=attiRBivPtYLXgTAncMBOrg3D1lS7zVVuiiuE5%2FQiAUOXtzX7Nr3Uoe8ijP98Brvj7%2Fil9SsOObhb4gzJe54lho84wzN5fmE%2BGPbo00S9%2FLQ14r0qkxMsj%2Bhun0Qwi1BU1YJyhnXaQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a751c4ada5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17892,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, digitally signed, 11 tables, 1st \"DSIG\", 32 names, Macintosh, Copyright frongile 2022AcceleratorRegularAcceleratorAccelerator Regular1.0AcceleratorFontStruct ","md5":"fdbb0d7f7d81d1ce2117ceb332478e48","sha1":"90ef8b6aac8129ec637935ae2a0e1ae276e24742","sha256":"eed97415dafeda0ff03486864f424a2d3ec3ce0b43cbc8bb5e7c0ce87d709476","sha512":"45a29dc12621535c967c42cafcc64178a313089545b72a48a20da49df2e68d02af61f003563a316007363ceb9828e3ff3712bed27ca9e3baef1af9f6f5f7c04a","ssdeep":"192:BXlP/BwCFZuhvvwc8LPMyVlr0zNAOpUm33hal5FxKZqZlZ+Ss:hlXBtyhn6PMzPUm33hu5s","tlshash":"cb82ed27bfa69d22f9621eb98eb9c3182b28f5548f1b8b73711402e4efd11c68d507d4","first_seen":"2025-06-19T19:59:31.735591Z","last_seen":"2026-04-27T02:55:38.42363Z","times_seen":12,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":231,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/4.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/4.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 5523\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-1593\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nolxSdZooA4UB8FtTBn1gOORFRPkeH%2BmNZ5Z2t3Al2TmjOCwP1lQpRihqBeFryJvocq2DaQLcTl4g%2BdsS9BjzgTnaPVrnAcflo2xXj%2B08oO8kQQSa%2BAmfYdn3sva9NNztIoQjaPwlw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa625ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5523,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 565 x 76, 8-bit colormap, non-interlaced","md5":"37464cb39da2f9d6d781fae50542c662","sha1":"d64bbcd9283e2e12b06ead1a7e6821ef89a33868","sha256":"1d5af3a8d0d2e33fe94da9776aa1479e8e01b9a08191b17978e354054b37cc85","sha512":"2073e1c80433dc2cef1d0adbeb8630eeb86ff0bd613e041a4129ead238de2d77291c2c4e312482ab11e281879990e317bb73868f948c95baa18fbb5c7536ae48","ssdeep":"96:rFuky+GVCLlsQ8w7CzStWaegxAbhKv70UENVPSHTlVTIG+:ELVYWZwOzeWaegxKhQ7mGTrcG+","tlshash":"64b16ebf1572405216110bae519f9d31b1e8bc0facdb628c90d4b4772f37e356db2a4a","first_seen":"2024-12-28T18:16:18.004369Z","last_seen":"2026-04-27T02:55:38.40854Z","times_seen":14,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://rexas-com-claim.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7884\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 23 Apr 2026 02:56:16 GMT\r\nexpires: Fri, 23 Apr 2027 02:56:16 GMT\r\ncache-control: public, max-age=31536000\r\nage: 344597\r\nlast-modified: Mon, 15 Sep 2025 16:34:42 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7884,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7884, version 1.0","md5":"9212f6f9860f9fc6c69b02fedf6db8c3","sha1":"ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b","sha256":"7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f","sha512":"67317495f4b53e20a9f31c034e456e6c37f387dffb2c092caa5159bc441cfcadd02749ffe5bbed1d580d5300a59e48a767ef2c6d9978b474f84c1a2cd095c126","ssdeep":"192:xLFDbKO9E3rS3JWBRO/J601FSS5ZUbik3Zy2f0:pd9J5W501otlI","tlshash":"c3f1ae4eb3f2cd1be40982e53a0fc90b1c578272681fd772d067a22517893bc8db2c81","first_seen":"2023-04-05T15:35:34Z","last_seen":"2026-04-29T07:34:57.732426Z","times_seen":315399,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":125,"dns":3,"connect":15,"send":0,"wait":16,"receive":1,"ssl":106},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://rexas-com-claim.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7816\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 26 Apr 2026 10:06:42 GMT\r\nexpires: Mon, 26 Apr 2027 10:06:42 GMT\r\ncache-control: public, max-age=31536000\r\nage: 59571\r\nlast-modified: Mon, 15 Sep 2025 16:35:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7816,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7816, version 1.0","md5":"25b0e113ca7cce3770d542736db26368","sha1":"cb726212d5d525021752a1d8470a0fb593e0c49e","sha256":"9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526","sha512":"a0d331e62ab4727f49ca286a1ee7fb81cddc5bb9edf71ef84f4bd4fa1552069af1a82752011ba88fae80862d034135926b7e99d70e59d626d66d4ede90e94c30","ssdeep":"192:Agw5ksLwlyK8F2BXU96Fc575OI3+ga534SlEFwTG4ovej9be:Al5y8FSUMS5VOq1KISlvS4ov+4","tlshash":"a3f1af19d5de5a73f80032b45b6911ba7e42fa83bc68bbedf8046a10ad542cb467cc91","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-04-29T07:34:57.697102Z","times_seen":223048,"resource_available":false,"data":null}},"time_used":332,"timings":{"blocked":160,"dns":2,"connect":16,"send":0,"wait":15,"receive":2,"ssl":133},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/12.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/12.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 5239\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-1477\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ka4EQwKibolL7uDz%2BwrpU8gTRDEytOJlwoYIdhfhPSe9MeFxNaauzaxORYe8PkumfARYNiY5ognp7T%2Bd1twzNwsf2ljI3Hv3YTmC01xoxTNeGD%2Ba8EwkA%2FFRLAI3ISgVy18PCM%2FdRg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa6c5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5239,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 332 x 50, 8-bit/color RGBA, non-interlaced","md5":"1d4d80435085d2d8bcf8e05de42bbc66","sha1":"1ef1f5ea214e5620733b8e478a68df1a8dae4456","sha256":"d84fce732dc727d03ddef8d31b0b7d1f81f6f2d76f4af26680296db6be19de50","sha512":"56c9998c54773efa3f296e0247a1c433b37cffb6ce246ea4631df3eafc1a6455fe890b4ce12e721601cf248a73af9510b503fa418aada2c770594c01003cc421","ssdeep":"96:0mZSNxy8XLf0i1c4nQ4mYBVUri4fV7//XnxAlfNInrFkJlExnPRkGSh4wrSdcw:xomqQiS6Qo3Uu4f5//XxONIhkJlg5kGZ","tlshash":"27b18d037240773d9ba75fc642a6050baebad5085ff062a78246f8e81c441278f3e98a","first_seen":"2025-06-19T19:59:31.74248Z","last_seen":"2026-04-27T02:55:38.401086Z","times_seen":6,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/js/bootstrap.bundle.min.js","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\netag: W/\"69e63f59-13b51\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o6OUp6GLUpirkRZvMm547V5jTW7kdoLKHjSAIG0ktkfrCFyyJ2tkdut9MM5%2BMekYVhHpe0ejZqemdTZ9fjoZO%2FtShzSwjuScfShfoIYwucYh2yLcIRDPStZWBQem%2FLDnpG0upJk1Ug%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9f2a75180a775ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80721,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"2e477967e482f32e65d4ea9b2fd8e106","sha1":"ddc6e9ead6d16ae9237399ce41e8c1620cc59c36","sha256":"0833b2e9c3a26c258476c46266e6877fc75218625162e0460be9a3a098a61c6c","sha512":"ecf8bfa2d7656db091f8b9d6f85ecfc057120c93ae5090773b1b441db838bd232fcef26375ee0fa35bf8051f4675cf5a5cd50d155518f922b9d70593f161741a","ssdeep":"1536:WmwIiEEO+TBR2t4J9RirWDKsVA5y7fy3YJtC/r/45wZbfbXZTb0WU078:HwORx3YCD45wZbDZTb0g8","tlshash":"ce73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","first_seen":"2024-02-25T11:27:02Z","last_seen":"2026-04-29T07:27:21.599897Z","times_seen":23425,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/traffic-assets/js/tccl.min.js","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"95.101.10.131","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wsimg.com","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Fri, 05 Sep 2025 18:24:05 GMT","end":"Wed, 07 Oct 2026 18:24:05 GMT"},"fingerprint":{"sha1":"0E:95:B5:3C:BC:57:5B:29:44:36:31:82:4A:13:83:C0:BB:C6:51:2D","sha256":"2E:41:DD:15:BE:3D:3A:3A:29:F0:65:E6:52:EC:88:54:C4:60:01:9E:68:96:30:F3:2A:31:D9:A1:95:CA:69:24"}}},"request":{"raw":"GET /traffic-assets/js/tccl.min.js HTTP/1.1\r\nHost: img1.wsimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-length: 0\r\nlocation: https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js\r\ncache-control: max-age=31536000\r\nexpires: Tue, 27 Apr 2027 02:39:33 GMT\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":104464,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-29T07:35:15.627588Z","times_seen":14364829,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":17,"dns":44,"connect":1,"send":0,"wait":5,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/bg-3.svg","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/bg-3.svg HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69e63f58-1266b\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MSIGNNUIcBjP5dTfLsE1xptQE5sV1uf26G%2Bu6y2UXs62ncp%2Fb9jnwZPSstCjaGWgIhjhmeS7dlzp1vxCALFYiYdjPcDP58QSc7ip1CTqcGLg6megZVFIOKbzupBaDfAingpzNHEBzw%3D%3D\"}]}\r\ncf-ray: 9f2a751c3ad65ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":75371,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1c55427435074e0c86155681ab4a8716","sha1":"7530f1103b4b7d1618ef34fbd77412d11abc582c","sha256":"d182cd224bae87d3fb8ab0a7c415375d80e13797bc979342c49a88f72b552d67","sha512":"a6305890c521d232645bda8c527011cb5af36291c8e685b5f8c15d0123fdfefbc8a46d86261ec71bb7a62f65a195eb1c66b3133fa069293b05c425da631ac8ce","ssdeep":"1536:a2qP+jOLPcu+qWywTzCcq9OOD61Y9OcbYWDjqUTC2RjChAP:a2w+Ocu+qCTzjyOOdOGjDjqU+4j4AP","tlshash":"f0730272351edd7ef55c28d231558906cbcd34a0a78ed3cafa092d6bc0be6620e61c1a","first_seen":"2025-09-06T14:26:30.617399Z","last_seen":"2026-04-27T02:55:38.400528Z","times_seen":11,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/bg-4.svg","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/bg-4.svg HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69e63f59-ea73\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0l20wH2zwlXGVdrpuN3b1PR%2FJAIXSZ1zPzSoSs6x6JrscMq3Ujd8J%2FKGARocrMyUOJxk2ijZN4tyiRgcVYI%2Fj8FcPQXvGyS5Gxj97BFg9H3s3FacM%2BJ99DHbABBfA49MDnC5TEAGXA%3D%3D\"}]}\r\ncf-ray: 9f2a751c3ad75ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60019,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"512e9408fde85334698471708dbc8722","sha1":"954271e64a6f5119f65a8e437d2dc53e31cffdd5","sha256":"4fe190d003df03ad0d73e329c32cef2d1762f1e9815c2c506e32eed97453f7f0","sha512":"4d26032fb252c83ea3f7f73b8e7b66d9ce503aaa02d726e4c8493508eb618c44286298016d1e5d954807be90a031e791cb538b2a8c9c1383516ddc7637d32f34","ssdeep":"1536:zUDCQMCThqzAlzXV170xFQtMa0u+3q27t3+Z:zcPFUUlzXV14fuMaF+57t3+Z","tlshash":"0a43e179373e6cde05c87c1054c72a2754e804b7985d8810facd8aefa273a7bd7b50a9","first_seen":"2025-09-06T14:26:30.552076Z","last_seen":"2026-04-27T02:55:38.3923Z","times_seen":11,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":70,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/11.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/11.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 7246\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-1c4e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2BIX5w%2BoTx4zWPk%2FunzDdMVQ2d7ole354q0BWJ%2FwJhHTdWW75zM1S17InjkwqUZc4i1XKCtDniFKHNtRSiA%2B5dK4z3FNTbzBAsMwZTPMvTmEd%2BSXTIX3WOYMHrlfZRLpwk%2BypSKRuw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa695ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7246,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 440 x 147, 8-bit colormap, non-interlaced","md5":"971ab15ee1df6810c1b27ea8d428f8ed","sha1":"4e9ebd931c75179aea1feb59e49131e38ee94f53","sha256":"8c35e0651f3b1fcb6f2317181169c1d7f41e03322db2b01d55944c5ddf55d53b","sha512":"709fc504a7b772e82a23eec6dfe667421c75612d019aa3dbbc0a7396f83d221a7a5c52026c5d0b2fde33f0376276164c8642d3c0f7980e762205705b3bff15ed","ssdeep":"192:u0mbU8/mWtNciQC7lUN4yPsKfX4D/MwQxXSGWPVMALUT:rmQ8eWX2LN4osPMw6SFA","tlshash":"fce1ae6fa4606f86a0e9de5661a1622654bc9fae3060332470b53c4a197cffe1bd4407","first_seen":"2024-12-28T18:16:17.986667Z","last_seen":"2026-04-27T02:55:38.398662Z","times_seen":15,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":201,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/main-feature/bg-5.svg","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/main-feature/bg-5.svg HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69e63f59-1539f\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0uGG%2F1O7Ylp1oO5Xl8PKlNISVLJZiWXc3N7vH%2BnuU8dPrE9mRohn2%2F%2FZ4d0dq69B%2FSXf%2BfUuGLqXKe0t9ctFVb5PchoUIfzXzzApf%2FXZWGYELm66iEXzwP8fhKv0OS6zMwxPEkSylA%3D%3D\"}]}\r\ncf-ray: 9f2a751c3ad85ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":86943,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"33392a7a63ef109dc0c819a5d1f6ff8a","sha1":"e626780a71b287185c3dfd5e725f34693e4188da","sha256":"96c7922df9387f0bc517e7d0a5f60349ceb531f24aaad5e1530f2fd6629e72ca","sha512":"9007c09b68981261a77d4f7ba128bc759b3d71eeecdd7ac75e18e85bdd838a34427078cfc5c028777883f79d03e5c53c6eea075c78b50fce85a80bb4b0fba091","ssdeep":"1536:JNVxGuyrTv0kH3eqbAFnkvNwIe6oEvWRgC0vKV5bBMuoKQRNPW5gUOjP:JNVx56hudFnkonHRRBV9BtoKQRS6","tlshash":"968302378417ae9d0a2c2e35c0bf2e20ad687d37d754a820ddd5bbb380298dce5655c6","first_seen":"2025-09-06T14:26:30.540132Z","last_seen":"2026-04-27T02:55:38.41814Z","times_seen":11,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":92,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/7.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/7.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 7600\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-1db0\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qH7EFiW5nCbn6OBhKSg3KXnVHnWreHDiCX3PcIDQOx8%2FHiNNyNTY6BCfPST5YFnCkQGwMbUuCm5ZxC607krOj%2B8E85eZFlUlJ0AX3iGOhxPBCCr%2B142gdpixtHZhgS5mtWLFUTs3Mw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa655ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7600,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 426 x 73, 8-bit/color RGBA, non-interlaced","md5":"6bd369bc6019c987a0be91e8d1483964","sha1":"1d5e0e5a91aca4565870efd51a029acff6ea97a1","sha256":"7c9ad6cf95cdec84df1c7af7abff5b4650e9c0d4dd5fcf5365b967179ec1513a","sha512":"e0899a221cd34687fb044d097bae027db8b05b014bf232891517990ba8b388ba53eaa39abc6d705fb6ae6bdd718fbc0d428a073fdf7e6b00479c654f39c391e2","ssdeep":"192:H//IzHB4wM6ZpmWxf4cAb93ygrHV0pBeY20fjGlFWLG+slFk:HHI9NMlAJAbUgrHVOBeY2ujGXWp","tlshash":"63f1af326c69262c84ef6c6b1c77f1c6784979774195ae36b2bb3ce57851326cc0d318","first_seen":"2024-12-28T18:16:17.965643Z","last_seen":"2026-04-27T02:55:38.393388Z","times_seen":9,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/assets2/images/featured/14.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:33.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /assets2/images/featured/14.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 5394\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:36 GMT\r\netag: \"69e63f58-1512\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UnaCcqHcIhlMnWpSne0kwgBTkeUsGfkKJ6fwz2ogbQiu4E%2BJbOYMc9jldYpTbdHkNT%2BRITQAvGqEnR7A6tmk6xABs0kCaSH5Ea0GsSVMETS9kpJ0iEWVi2E7bIYH%2Bh%2F6Yp3N3UJ%2F8g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f2a7517fa6a5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5394,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 345 x 105, 8-bit colormap, non-interlaced","md5":"a2c98333b52c9749faacdda257373760","sha1":"2edb475410f97f2ecf1fd165c4c960898ee1e520","sha256":"bf8c77c0902d537bd635b5748da04b484d6b40a62210773e77af2846ecae2dec","sha512":"f97a3fe678f94773e87ed6dca76e18e59280d1e8a2be466429ad4db92e9a51a1db7ea4e4eb659ea6ac3b9fff3d9c4f879c4c29958f799f9f31d38a8d7c88401f","ssdeep":"96:QtvQXGVwyK7DyJshzN6nkS7+KQmImV0KmUI834sly2h53+FOUFRmphPJt+BJizCT:ivQX7yK7D4shzWkSSKQmtfe4yWUFQn7G","tlshash":"b1b19e3a0b50c555b7e6bcbf4e68c468a6702d56a37dfb821404fa69723f40e97c844f","first_seen":"2024-12-28T18:16:18.023468Z","last_seen":"2026-04-27T02:55:38.387975Z","times_seen":11,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rexas-com-claim.live/apple-icon-180x180.png","fqdn":"rexas-com-claim.live","domain":"rexas-com-claim.live","tld":"live"},"ip":{"addr":"104.21.61.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rexas-com-claim.live/","date":"2026-04-27T02:39:34.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rexas-com-claim.live","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 18:37:50 GMT","end":"Fri, 17 Jul 2026 18:37:49 GMT"},"fingerprint":{"sha1":"ED:80:04:9D:EC:E1:BE:51:A0:EE:6C:01:1C:B0:A2:D1:DE:89:68:94","sha256":"8E:AD:E6:81:F5:7C:4E:16:7A:D9:C6:E0:A4:79:84:3D:65:84:FC:98:0C:9A:BC:BB:A7:C0:84:D6:6D:7F:BD:2A"}}},"request":{"raw":"GET /apple-icon-180x180.png HTTP/1.1\r\nHost: rexas-com-claim.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rexas-com-claim.live/\r\nCookie: _tccl_visitor=f3c14641-883a-4696-908a-7da789a420d2; _tccl_visit=f3c14641-883a-4696-908a-7da789a420d2; _scc_session=pc=1\u0026C_TOUCH=2026-04-27T02:39:33.956Z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 02:39:34 GMT\r\ncontent-type: image/png\r\ncontent-length: 28527\r\ncast-mode: default\r\nlast-modified: Mon, 20 Apr 2026 14:59:37 GMT\r\netag: \"69e63f59-6f6f\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=59Gngpd1vb%2Bl%2BuiVRgrtdJvHdTlykGzwG94Wd9DLuQK%2BU5CYHq4pyrYAl%2B6v77p319M7npxdvPXPpurJ3kvNv1N6p6SOJ5HKfARXLp6YBjWGjtx2AVdkWd5svmdFAKd0tC0%2FOTryRg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: 9f2a751ecaef5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28527,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"8b6034e63ac0b3faa7cc08db0f8b532f","sha1":"e71d907be9718ea2bded4b120204b2af0fc2c071","sha256":"142d46c24b0e30e290586a9863a5cb6c93357f6ad1a5bd24b5533beb28f9dd49","sha512":"b280255a40ff8c504bcea6de4df92f75f9349cd2524ea79ad7ea98d00be5c9f4d386b96940f0f8e7371c6cd90db0fd29c6fef7551ec39c23dda7e56ac5c9c7d4","ssdeep":"768:H9IicCjTQJ0R0D30d/1jttb9uvsNz6bfyM7Xh+iIXjUJ1cOYOL:H+Ij0mR7Ht59BNwnXh+isOcV0","tlshash":"69d2d086f17430df28732bb01df2d8918d26024d15832a45598b2ee92eff7b125f8de5","first_seen":"2025-09-08T09:28:19.687977Z","last_seen":"2026-04-27T02:55:38.424185Z","times_seen":6,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"rexas-com-claim.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}