{"report_id":"d2945e0f-c212-4215-a0a5-7247ff26458b","version":6,"status":"done","tags":["malicious","clickfix"],"date":"2026-05-04T13:20:21Z","url":{"schema":"http","addr":"vote-onyx.app","fqdn":"vote-onyx.app","domain":"vote-onyx.app","tld":"app"},"ip":{"addr":"104.21.16.232","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"vote-onyx.app/","fqdn":"vote-onyx.app","domain":"vote-onyx.app","tld":"app"},"title":"Onyx - XCN Ledger Blockchain","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"vote-onyx.app","fqdn":"vote-onyx.app","domain":"vote-onyx.app","tld":"app"},"ip":{"addr":"104.21.16.232","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-08T13:20:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null},{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"summary":[{"fqdn":"vote-onyx.app","ip":{"addr":"104.21.16.232","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":4,"received_data":8013814,"sent_data":1753,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"rpc-mainnet.matic.quiknode.pro","ip":{"addr":"132.145.155.63","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"domain_registered":"2018-01-05","domain_rank":2989773,"first_seen":"2021-05-19T17:40:41Z","last_seen":"2026-05-03T02:33:41.611548Z","alert_count":0,"request_count":2,"received_data":1025,"sent_data":1042,"comment":"","tags":null,"fingerprints":null},{"fqdn":"claudjaframework.beer","ip":{"addr":"178.16.52.101","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2026-05-04","domain_rank":0,"first_seen":"2026-05-04T09:17:14.686856Z","last_seen":"2026-05-04T09:17:14.686856Z","alert_count":0,"request_count":1,"received_data":1132,"sent_data":469,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"vote-onyx.app/","fqdn":"vote-onyx.app","domain":"vote-onyx.app","tld":"app"},"ip":{"addr":"104.21.16.232","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2d6cad343d3a2b39a83a6ee4d97b1c83","sha1":"cc525fd6bcdf9602f5d3ffaac1c2885c09098fee","sha256":"54b5755ecd88001b54a9ba70ed1d78d9d3a6bf692aaa0fbe57b3831c5d996d50","sha512":"e1b27e161b169d5c5ea25d50d8469b086f403a127e3e5c2a6a19cfa7b5ec7084e43b1d80b7839190698edfc6b48c6badcc9f2781d785b2e13033a2976522a0be","ssdeep":"192:ISEEBVoggSJuwBkMhjx9mEMEDzr9hsBToO52uZGUvsJCmO5Z1Mz91vscKBhrcgWs:sESv+9mSrmZhvsJ/iZ1MwBhmfQ44","tlshash":"7242d7643d6384b542f800e110be9105f9bbe71138cdc0d4b1df9d460baf6aab1b7a2e","size":12833,"data":"","first_seen":"2026-05-04T09:17:23.43804Z","last_seen":"2026-05-06T23:06:28.604179Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vote-onyx.app/","fqdn":"vote-onyx.app","domain":"vote-onyx.app","tld":"app"},"ip":{"addr":"104.21.16.232","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e5b83ed494f2d51612f8a02f623d8ba6","sha1":"adb370ecafc66ab81b55fac7b2aa19b779bacffa","sha256":"2c75feb4716b5792102d827dbad92615c3d180b4bc388089267e2a1c5f91c219","sha512":"d09f7af9d6d2196c8861bc07119358a2f7278290ce7997d4b678bead396e957a5c8ca74365b34e5561ce2f876019eb7877862c9fe94ba757ac454a332da527da","ssdeep":"192:DyWPpoI31kEUGrnc896b+fl843LVhvrlVZxLNzewAiSLZweU4L94pZZ1NwgPeiAz:mSOI3/UGTE2zVhvjdeJiGV+NL00y","tlshash":"60725b6ba395eb1b43e7169f50edd0fce6e214c2152a755c37cefca68a39804c42f190","size":17538,"data":"","first_seen":"2026-05-04T13:20:27.25073Z","last_seen":"2026-05-04T13:22:25.145333Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"vote-onyx.app/","fqdn":"vote-onyx.app","domain":"vote-onyx.app","tld":"app"},"ip":{"addr":"104.21.16.232","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-04T13:19:57.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vote-onyx.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 10:37:01 GMT","end":"Sun, 02 Aug 2026 10:37:00 GMT"},"fingerprint":{"sha1":"E5:60:D8:51:71:A0:10:A6:40:17:A1:4A:C0:9A:30:AA:03:FC:E9:09","sha256":"C4:D9:44:F8:65:10:5D:6D:EF:6F:F1:98:AD:B4:C0:71:EC:FC:54:21:1A:FC:91:63:DC:97:2C:FA:4B:82:6E:D3"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: vote-onyx.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 04 May 2026 13:19:57 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Mon, 04 May 2026 04:33:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hoWZVr23gszLfueiyQfb6gs%2B9kAjF0IYI9dEg8EghLWQo0VHgH9o0Uf%2BuLuOFH2xSAjR%2BbGq%2BXK54eIX%2BpjYDb3uklIxNsx8R2kd6kfORH0RZDi8m2GGNT82pAZkPhbe\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9f67ccd20c1d5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":199936,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (17536)","md5":"9a4ee9d168248cf4038dd60007ea218c","sha1":"2f09ae3ff217ae0c7a526c35d9f5b0dea15b8edd","sha256":"af7a19fbbd9b7792e9f4b27dfae004182afb5bd70aced8560dbcf598804d1586","sha512":"bdf5cbb8d5b1fac30ac10a519fdeb75b24b8ba0264c099cbef14af06132c4365c3429e91c83bb8c51d2295ec3104e2c30d78e53c755e8c97fd9f38a87e300903","ssdeep":"3072:vZzoI/n0IPn1EekT6QS30k528blW88blWP8A8xN89GEbP:BzoI/n0IvO5m28Y88YP8AoN89RL","tlshash":"e5142a23024b2667190d3efbd6a6b94ed108f593cd139ec8f1dd48d8978fb9a484636c","first_seen":"2026-05-04T13:20:27.235337Z","last_seen":"2026-05-04T13:22:25.140961Z","times_seen":2,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":39,"dns":23,"connect":1,"send":0,"wait":81,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]}},{"url":{"schema":"https","addr":"vote-onyx.app/style.css","fqdn":"vote-onyx.app","domain":"vote-onyx.app","tld":"app"},"ip":{"addr":"104.21.16.232","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://vote-onyx.app/","date":"2026-05-04T13:19:58.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vote-onyx.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 10:37:01 GMT","end":"Sun, 02 Aug 2026 10:37:00 GMT"},"fingerprint":{"sha1":"E5:60:D8:51:71:A0:10:A6:40:17:A1:4A:C0:9A:30:AA:03:FC:E9:09","sha256":"C4:D9:44:F8:65:10:5D:6D:EF:6F:F1:98:AD:B4:C0:71:EC:FC:54:21:1A:FC:91:63:DC:97:2C:FA:4B:82:6E:D3"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: vote-onyx.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vote-onyx.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 04 May 2026 13:19:58 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 30 Sep 2025 15:52:58 GMT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\netag: W/\"68dbfcda-a92cb\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WvTrXmnHCBJEKUhFylPoZuDku46fm9%2BE%2BjekV5aNujejIHMJh175EZPeyub1iH%2Fsa5dqTWodf3790dtRbQQW0WPNs46znofYSvKydOgBNQycEvkaSY7qc66HSkv3WOJb\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f67ccd39aec56c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":692939,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (32317), with CRLF line terminators","md5":"80b00c4747d78a1100b0cdfd27b789c8","sha1":"7e833bba686d8b251938d62a948f9425543e3ca0","sha256":"b61141def3627bab8ef671c14ab119b46a2a8499c2e8f49a4bcf5d3ffff65c0b","sha512":"3b88bf8ede69431d67f33706fee674c16da233105810fa7474aec99e56c17c58e62f38f13b507222400573f9805155f33bebe710c9932db8760f8baefe538d4a","ssdeep":"12288:ChFVDEZMyS4LJY97zU0IueixHEe/CJpmNFMvobh:sFEComPmiCvJpmDMy","tlshash":"0be48cf6a043ed526d760a41945f3a04ee3828ebc925a154bc8d24446ff4cf4be2ef78","first_seen":"2025-10-13T04:20:29.171026Z","last_seen":"2026-05-04T13:22:25.14445Z","times_seen":6,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":129,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vote-onyx.app/assets/eleven.js","fqdn":"vote-onyx.app","domain":"vote-onyx.app","tld":"app"},"ip":{"addr":"104.21.16.232","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://vote-onyx.app/","date":"2026-05-04T13:19:58.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vote-onyx.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 10:37:01 GMT","end":"Sun, 02 Aug 2026 10:37:00 GMT"},"fingerprint":{"sha1":"E5:60:D8:51:71:A0:10:A6:40:17:A1:4A:C0:9A:30:AA:03:FC:E9:09","sha256":"C4:D9:44:F8:65:10:5D:6D:EF:6F:F1:98:AD:B4:C0:71:EC:FC:54:21:1A:FC:91:63:DC:97:2C:FA:4B:82:6E:D3"}}},"request":{"raw":"GET /assets/eleven.js HTTP/1.1\r\nHost: vote-onyx.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vote-onyx.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 04 May 2026 13:19:58 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Sun, 26 Apr 2026 00:18:30 GMT\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\netag: W/\"69ed59d6-6c8ccd\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2p%2BkTl9YjvvTFZZZfOWtZOUxTOzDw%2BRNwL4jZns88qM0bO2RGLCqpu0Wd4xOXW2B5WY%2FNU5uhP2I0DuRoNbm8qDqSk8uqvjjHISdb%2Bf3Do6XKMR7cqcD%2FHVuMJavbDDa\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f67ccd39aed56c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7113933,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"62851808d35a19a388e28322acb50c32","sha1":"9246ecbbf04b8321f24277696e6da8e50e453c3b","sha256":"1dcc048947d4b37eb39849e83a5a99a6e5d5448d0871e1a2f1265c0c2b956ad5","sha512":"d1a55d3b22d1ee3091f90b55fa323ab28cea8348c4f9b8fcfd9dba59bb8174720004b5fd0ae42d72bbd2f648be559898aefbade4ba6478c6d2267bd8c8dddf84","ssdeep":"24576:apfRyhK29Fcq5jIDfgVoOVta8ZIWAcFBra+y:aK4MO","tlshash":"c42507cf27d9b5551212307b3d1a2093e4aecc99b98ccd94f797ac2ef84c72ca1b5624","first_seen":"2026-04-24T15:23:09.416345Z","last_seen":"2026-05-17T11:52:00.933363Z","times_seen":158,"resource_available":false,"data":null}},"time_used":349,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":269,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rpc-mainnet.matic.quiknode.pro/","fqdn":"rpc-mainnet.matic.quiknode.pro","domain":"quiknode.pro","tld":"pro"},"ip":{"addr":"132.145.155.63","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://vote-onyx.app/","date":"2026-05-04T13:19:58.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.matic.quiknode.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Mar 2026 19:00:00 GMT","end":"Sun, 31 May 2026 18:59:59 GMT"},"fingerprint":{"sha1":"02:83:6D:DB:CA:18:CD:B3:5C:F5:94:9D:AC:8F:3E:87:CD:9C:DA:DF","sha256":"98:DA:12:2E:FC:0F:89:2D:D2:11:9F:81:3F:A0:62:53:A5:75:D7:97:B9:13:44:7A:9D:19:C5:66:C7:43:B1:FA"}}},"request":{"raw":"OPTIONS / HTTP/1.1\r\nHost: rpc-mainnet.matic.quiknode.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://vote-onyx.app/\r\nOrigin: https://vote-onyx.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type,Authorization,User-Agent\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-origin: https://vote-onyx.app\r\nvary: Accept-Encoding\r\nx-node-id: polygon_matic_iad\r\ncontent-length: 0\r\ndate: Mon, 04 May 2026 13:19:58 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-18T01:40:59.470796Z","times_seen":15361875,"resource_available":true,"data":null}},"time_used":488,"timings":{"blocked":166,"dns":18,"connect":95,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rpc-mainnet.matic.quiknode.pro/","fqdn":"rpc-mainnet.matic.quiknode.pro","domain":"quiknode.pro","tld":"pro"},"ip":{"addr":"132.145.155.63","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://vote-onyx.app/","date":"2026-05-04T13:19:58.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.matic.quiknode.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Mar 2026 19:00:00 GMT","end":"Sun, 31 May 2026 18:59:59 GMT"},"fingerprint":{"sha1":"02:83:6D:DB:CA:18:CD:B3:5C:F5:94:9D:AC:8F:3E:87:CD:9C:DA:DF","sha256":"98:DA:12:2E:FC:0F:89:2D:D2:11:9F:81:3F:A0:62:53:A5:75:D7:97:B9:13:44:7A:9D:19:C5:66:C7:43:B1:FA"}}},"request":{"raw":"POST / HTTP/1.1\r\nHost: rpc-mainnet.matic.quiknode.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://vote-onyx.app/\r\nContent-Type: application/json\r\nContent-Length: 136\r\nOrigin: https://vote-onyx.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":136,"data":"{\"jsonrpc\":\"2.0\",\"method\":\"eth_call\",\"params\":[{\"to\":\"0x7CB2F4b647D110aAeA4aE139cAD761fEf5cF1896\",\"data\":\"0xb68d1809\"},\"latest\"],\"id\":1}"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type,Authorization,User-Agent\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-origin: https://vote-onyx.app\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-host-id: f1b546936d23e3b5-122f498bc1943b0e\r\nx-node-id: polygon_matic_iad\r\ncontent-length: 231\r\ndate: Mon, 04 May 2026 13:19:58 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":231,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"44c391b6e163aaf3c3f91cb24c6b6123","sha1":"48973d4cd97cdb433eaf3741d5a18e6c7ec10c27","sha256":"e114c23bc79fbd3b1c75cbfd4568e23a7db2ca3f7a9a7d778334962386578219","sha512":"828ea66d448439451c0cf087a664abe86097517141f4d8ab92d44c46d8c4bc6c7aea805e124b48fd66693aab3019fa9a5b228900cb4a3e8461105a215142540b","ssdeep":"","tlshash":"37d012e4041bcf72e0b8498eb048b10071767f5fccc50e869a0c0dc461e8142b714333","first_seen":"2026-05-04T09:17:23.426164Z","last_seen":"2026-05-06T23:06:28.595502Z","times_seen":10,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claudjaframework.beer/api/index.php?q=Lajtqow3bQa4SjFemg","fqdn":"claudjaframework.beer","domain":"claudjaframework.beer","tld":"beer"},"ip":{"addr":"178.16.52.101","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://vote-onyx.app/","date":"2026-05-04T13:19:58.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claudjaframework.beer","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 05:19:04 GMT","end":"Sun, 02 Aug 2026 05:19:03 GMT"},"fingerprint":{"sha1":"16:B3:7B:AF:87:5F:EA:4A:BA:30:6B:66:D7:B8:7B:1D:99:95:C6:64","sha256":"13:95:FD:86:49:29:00:0C:81:8E:C1:EB:A4:62:25:AE:6D:AF:3B:FD:56:81:2E:A8:AD:8C:2B:55:56:B5:C7:6D"}}},"request":{"raw":"GET /api/index.php?q=Lajtqow3bQa4SjFemg HTTP/1.1\r\nHost: claudjaframework.beer\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://vote-onyx.app/\r\nOrigin: https://vote-onyx.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 04 May 2026 13:19:59 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\nsurrogate-control: no-store\r\npragma: no-cache\r\nexpires: 0\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\naccess-control-allow-origin: https://vote-onyx.app\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type, X-Requested-With\r\naccess-control-allow-credentials: false\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":451,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"5929fd33c32d5ed83569bdbcf91b9aac","sha1":"e8893af7c3f623b7d7a195e36b08a0e91d59ca6d","sha256":"cb458e5011cb1f8cc37501d58b6e8fbf7a534fbc3d004090069db01916281789","sha512":"10c027889d3ea8b289c2fe2ec42d456d6b794358289c5d531b627748c1f1a4821329662bc8ebf84d4c0b6176bb31d021104812d341d24be6928410463cb4ae62","ssdeep":"","tlshash":"70f0dc6d4154e224806aab2c38b0a5a41e791374a8b094e2d022889d2a09adca16007d","first_seen":"2026-05-04T13:20:27.246354Z","last_seen":"2026-05-04T13:20:27.246354Z","times_seen":1,"resource_available":false,"data":null}},"time_used":591,"timings":{"blocked":173,"dns":23,"connect":65,"send":0,"wait":244,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vote-onyx.app/favicon.ico","fqdn":"vote-onyx.app","domain":"vote-onyx.app","tld":"app"},"ip":{"addr":"104.21.16.232","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vote-onyx.app/","date":"2026-05-04T13:19:59.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vote-onyx.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 10:37:01 GMT","end":"Sun, 02 Aug 2026 10:37:00 GMT"},"fingerprint":{"sha1":"E5:60:D8:51:71:A0:10:A6:40:17:A1:4A:C0:9A:30:AA:03:FC:E9:09","sha256":"C4:D9:44:F8:65:10:5D:6D:EF:6F:F1:98:AD:B4:C0:71:EC:FC:54:21:1A:FC:91:63:DC:97:2C:FA:4B:82:6E:D3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: vote-onyx.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vote-onyx.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 04 May 2026 13:19:59 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7QvF18DVxVDIe17lNLqH%2BF5Ljy7VpBuMcoCZDc7pBfxqcfeDyqhvX%2BJ49LqJPZtCleB8tQdcv82PDpBvF3w%2BG93N4GAej9cFxEqYKEgeplXSL8sqIHeYtPNfyjIY4yLy\"}]}\r\nlast-modified: Tue, 30 Sep 2025 15:52:26 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"68dbfcba-10be\"\r\ncf-ray: 9f67ccdedb5456c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"6f6e918a63567dcc044fcc66038b0b6d","sha1":"d724830605d4a21e9fee60daf422750ebbf6cde5","sha256":"b3507c423f55ea875500f80cfe91e0aafb1583f6de816f4865eb9c755eb90c82","sha512":"067b51f2f98564e8f13a9bb5198781ada497a17274dffff38f3f0f51dceb07cb4140a5076b6ba58768120dbbe3bb8a6442a263be2486252d51c3623d3190da58","ssdeep":"48:rE3SXvzEFXJIVpMqOFoToxJup/gtxUMdDmee:4erE16VyqOFoToxW/gTUMdDU","tlshash":"2391ac5aaa26d950ea44c170934fee3a4c23ceb89a25b00961f27e3739b72e3244554c","first_seen":"2025-10-13T04:20:29.208341Z","last_seen":"2026-05-04T13:22:25.139513Z","times_seen":8,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}