{"report_id":"d56207b2-a534-4efc-b630-ab0eaea446aa","version":0,"status":"done","tags":[],"date":"2026-06-28T12:13:54Z","url":{"schema":"https","addr":"falconfinances-participate.xyz/","fqdn":"falconfinances-participate.xyz","domain":"falconfinances-participate.xyz","tld":"xyz"},"ip":{"addr":"104.21.95.37","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"falconfinances-participate.xyz/","fqdn":"falconfinances-participate.xyz","domain":"falconfinances-participate.xyz","tld":"xyz"},"title":"Falcon Rewards Vote | Falcon Finance","dom":{"size":64264,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1255)","md5":"39d3c37d5cf1a3cdca7a3d13e14950ef","sha1":"b94d44e065909a4483bf121f4d464b9756c79135","sha256":"c7a023b8842049746b5720d62b037fa0446a5249d621a2ce6d8632271592890d","sha512":"25db4808b8269a86dc040f6e93432712859e5cf2a38e47866407f7d8061c5c80fa2023777237d2e1a44067d4fc204f9378016c4fc29fd64033aeca919e5a8f73","ssdeep":"768:GJLWE+3DQz/eoSo3QTjJ/d0rmK/+k0ufu/u5S8Qza57Yeafklo8OVEdyQ0N1vV9T:cLWzfzImM8UujxLWDW","tlshash":"9953c5f4a390056961c683acb272fa25a954e9a7cb06cccef3bc15361f94dcad8c3195","dom_hash":"domhash6d2bf5cb3117aeceeac09ad9b5fcd153","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"falconfinances-participate.xyz/","fqdn":"falconfinances-participate.xyz","domain":"falconfinances-participate.xyz","tld":"xyz"},"ip":{"addr":"104.21.95.37","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-02T12:13:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"falconfinances-participate.xyz","ip":{"addr":"104.21.95.37","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-06-21","domain_rank":0,"first_seen":"2026-06-28T11:31:25.056744Z","last_seen":"2026-06-28T11:31:25.056744Z","alert_count":10,"request_count":5,"received_data":617988,"sent_data":2568,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"falconfinances-participate.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"falconfinances-participate.xyz","domain":"falconfinances-participate.xyz","tld":"xyz"},"ip":{"addr":"104.21.95.37","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-28T16:25:24.052156Z","times_seen":380760,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"falconfinances-participate.xyz/","fqdn":"falconfinances-participate.xyz","domain":"falconfinances-participate.xyz","tld":"xyz"},"ip":{"addr":"104.21.95.37","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-28T12:13:31.181Z","timestamp":1782648811181,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"falconfinances-participate.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 01:37:53 GMT","end":"Sat, 19 Sep 2026 02:36:18 GMT"},"fingerprint":{"sha1":"04:A1:87:3F:32:AF:AD:90:43:7C:3D:B3:3E:52:1D:F5:61:FA:4A:80","sha256":"10:96:2C:72:EA:EC:78:CB:04:0F:C3:E4:BB:F1:44:52:BB:46:12:B5:37:81:40:CF:DC:75:9A:A2:98:66:47:7A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: falconfinances-participate.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Sun, 28 Jun 2026 12:13:31 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Sun, 21 Jun 2026 02:06:42 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IAtSUL6whBH2MOYscBxRDTMBhikmcuK3xjxZKwUaJRD68DuWbPQF9KDi%2BHaZt9DPLADKsD1W1eBYuL%2BwVlLZ0ZvpytF8Rn6EKL5ZAq11g%2F7lnQlHUvsafEoSnTPN9mNy7E0INYlBGxxgq5fHd3libUM%3D\"}]}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 2549\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: zstd\r\ncf-ray: a12c9b1e29d7120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68142,"size_decoded":14099,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1251)","md5":"8da31a6df36e803817bcdd9c4cac9350","sha1":"cb97d20f96f1ee4d8a06dfc94de3e57e4f987c15","sha256":"13c1801a287abce61d7d53cf79cb2a07368dbdea9e2c675f2c3cb169e18da790","sha512":"7cd9b204be98b2575876360deceb158eb7f8355244164ff79ebe93918a3f540762bc478ef7cf5bc79763e7d6815b73b0fc2b997a89e2f2c5d54865b256482830","ssdeep":"768:yVHWy4lDQzEeocoZ+Z7x7oL4cVqKQu1uFuhQSG1gb5yoWv4zySY3Er+O0B/vVFcp:8HWF24quGAulUfWFk","tlshash":"2563b3f4a3a001a961ca83acb273f619a914e9b7cb068ccef3bd15361f95dc9d4c3195","first_seen":"2026-06-28T12:13:55.769755Z","last_seen":"2026-06-28T12:13:55.769755Z","times_seen":1,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":33,"connect":1,"send":0,"wait":14,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"falconfinances-participate.xyz/style.css","fqdn":"falconfinances-participate.xyz","domain":"falconfinances-participate.xyz","tld":"xyz"},"ip":{"addr":"104.21.95.37","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://falconfinances-participate.xyz/","date":"2026-06-28T12:13:31.480Z","timestamp":1782648811480,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"falconfinances-participate.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 01:37:53 GMT","end":"Sat, 19 Sep 2026 02:36:18 GMT"},"fingerprint":{"sha1":"04:A1:87:3F:32:AF:AD:90:43:7C:3D:B3:3E:52:1D:F5:61:FA:4A:80","sha256":"10:96:2C:72:EA:EC:78:CB:04:0F:C3:E4:BB:F1:44:52:BB:46:12:B5:37:81:40:CF:DC:75:9A:A2:98:66:47:7A"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: falconfinances-participate.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://falconfinances-participate.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:13:31 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Sun, 21 Jun 2026 02:06:42 GMT\r\netag: W/\"6a374732-45882\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 2549\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JdNbQSHPwt3YGeMkjMSuOKj8gD%2B8rHSk9YIosdJzmARs7YpMEEbX%2BnsfaGL0Cs1Go03gDVZTQ%2BnF53qCOgHiK%2BArRQIrudN4VuH7qMgR8LH6MmTbvrkqsTQ0b%2Bn2GLeE6V8VURzDSHXshc1DlTMpuOY%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\ncf-ray: a12c9b1fcc4956c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":284802,"size_decoded":91463,"mime_type":"text/css","magic":"ASCII text, with very long lines (52321), with CRLF line terminators","md5":"e679a1c445e1f2cc530d8dfd20976f3f","sha1":"945645a1dd89ddd95ec65cc7a1da1b60f65cd082","sha256":"7a19b45aaca69ed501f17618fdba8cbdaaacf2c509700efcc5b508869e735ce8","sha512":"e15bedc7243214cbb208bf90e1bb7eee2eaa800e455c79c08b3527a2a4e7efb2e2c9032fd27d1de94af89dbb22f75153280307ac3998485d21e540e36f20218a","ssdeep":"3072:2Z3hLeTmkuyMtVLaOJ4xHUI+HRNNgmOiUzWgxNjskgs/:2Z3peqeMtVLK0I+HRNNgmOiUzWgfs8","tlshash":"6e54d83aa213e6b55c332739dfea900cff562067c96586a8bedc21014ff42b59940f6c","first_seen":"2026-06-20T09:59:03.424426Z","last_seen":"2026-06-28T13:51:56.518452Z","times_seen":17,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"falconfinances-participate.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"falconfinances-participate.xyz","domain":"falconfinances-participate.xyz","tld":"xyz"},"ip":{"addr":"104.21.95.37","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://falconfinances-participate.xyz/","date":"2026-06-28T12:13:31.484Z","timestamp":1782648811484,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"falconfinances-participate.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 01:37:53 GMT","end":"Sat, 19 Sep 2026 02:36:18 GMT"},"fingerprint":{"sha1":"04:A1:87:3F:32:AF:AD:90:43:7C:3D:B3:3E:52:1D:F5:61:FA:4A:80","sha256":"10:96:2C:72:EA:EC:78:CB:04:0F:C3:E4:BB:F1:44:52:BB:46:12:B5:37:81:40:CF:DC:75:9A:A2:98:66:47:7A"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: falconfinances-participate.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://falconfinances-participate.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-type: application/javascript\r\nexpires: Tue, 30 Jun 2026 12:13:31 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0Y1jyPc9lJaehuW14TIC3VnqL2K4xi9i1HFUB0XUbc%2ByWwADE1atgKPe6yVN%2FwGroddOJgkBwMCwFWS4GYaHY956E%2BJ1P8a2a%2FbuGcGrRM%2BOHECphHjKI%2Bv8rYl4VYqFEhd2sY7HtUEsizvlkakcH4Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ndate: Sun, 28 Jun 2026 12:13:31 GMT\r\nserver: cloudflare\r\ncf-ray: a12c9b1fcc4a56c9-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":1316,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-28T16:25:24.052156Z","times_seen":380760,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"falconfinances-participate.xyz/assets/bg-1.png","fqdn":"falconfinances-participate.xyz","domain":"falconfinances-participate.xyz","tld":"xyz"},"ip":{"addr":"104.21.95.37","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://falconfinances-participate.xyz/","date":"2026-06-28T12:13:31.542Z","timestamp":1782648811542,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"falconfinances-participate.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 01:37:53 GMT","end":"Sat, 19 Sep 2026 02:36:18 GMT"},"fingerprint":{"sha1":"04:A1:87:3F:32:AF:AD:90:43:7C:3D:B3:3E:52:1D:F5:61:FA:4A:80","sha256":"10:96:2C:72:EA:EC:78:CB:04:0F:C3:E4:BB:F1:44:52:BB:46:12:B5:37:81:40:CF:DC:75:9A:A2:98:66:47:7A"}}},"request":{"raw":"GET /assets/bg-1.png HTTP/1.1\r\nHost: falconfinances-participate.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://falconfinances-participate.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:13:31 GMT\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Qj6M76O%2FQ%2FjoLaWQ%2FQGLcGHu2V0hERDbPSz9Yv7S8CdnYKIHsCGm6LNlZk9lhksQ%2Fqy6e4Smd3%2Bs7MJin2wkfh1KWBerJk5ph75Lsn0SeEAxoK%2FTuhr0v0a300E63SGqeKGDr2KlWI44FtlH73FJy%2BE%3D\"}]}\r\ncast-mode: default\r\nlast-modified: Sun, 21 Jun 2026 02:06:42 GMT\r\netag: \"6a374732-161e1\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2549\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncontent-length: 90593\r\ncf-ray: a12c9b202c4f56c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90593,"size_decoded":91557,"mime_type":"image/png","magic":"PNG image data, 1751 x 739, 8-bit/color RGBA, non-interlaced","md5":"5d7fdb33498ad739404959a3151ef0e0","sha1":"c269fde9054863cb36ddc06f9a7589c82f499a59","sha256":"7ebfc365ccfbcf07e1b14a25f2139e326352b139ab252cdcff419d2c3c2f2e31","sha512":"c7499e496416614352e6a18cc7b1f431e9e4963b6ed78ca1ed56df24bdb822f9166a54bbd489ed38c0310a8c92f07d1bea51fcfda1a6e0c1e4f5f9b13ea199f0","ssdeep":"1536:0ICg0fUBUtdpygLOJQQe2gh/htmDMTZs9UZ9gWjv3V+u3g5/:scWtjDQeNhJtKMqgtC","tlshash":"2693f357b26320b6e1ee28453175381e01327c72b101ee03f28666febb36b755d75ea8","first_seen":"2026-06-20T09:59:03.419744Z","last_seen":"2026-06-28T13:51:56.552104Z","times_seen":17,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"falconfinances-participate.xyz/favicon.ico","fqdn":"falconfinances-participate.xyz","domain":"falconfinances-participate.xyz","tld":"xyz"},"ip":{"addr":"104.21.95.37","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://falconfinances-participate.xyz/","date":"2026-06-28T12:13:31.664Z","timestamp":1782648811664,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"falconfinances-participate.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 01:37:53 GMT","end":"Sat, 19 Sep 2026 02:36:18 GMT"},"fingerprint":{"sha1":"04:A1:87:3F:32:AF:AD:90:43:7C:3D:B3:3E:52:1D:F5:61:FA:4A:80","sha256":"10:96:2C:72:EA:EC:78:CB:04:0F:C3:E4:BB:F1:44:52:BB:46:12:B5:37:81:40:CF:DC:75:9A:A2:98:66:47:7A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: falconfinances-participate.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://falconfinances-participate.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:13:31 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BSxUwMidt2xk3brySbwNTRb38oJobgKSQcVXcIfrMGuQaVZFDUSmtx1YC0d45wG7%2FFNYLwpXrvqUeHaO%2FuInY2APtBWiNE3FytTG5Z89V8lLjTxKU6dLoyRA9xXPhYACH7AXcwlbMda25vIZ%2FTu0EMI%3D\"}]}\r\nlast-modified: Sun, 21 Jun 2026 02:06:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\npriority: u=6,i=?0\r\nage: 2549\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\ncontent-encoding: zstd\r\netag: W/\"6a374732-2936c\"\r\ncf-ray: a12c9b20ec5956c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":168812,"size_decoded":17503,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"d69fe2047c06402725167c8f1f39fb62","sha1":"8566d8676d96160e5f70c1839b39cb73c7ffa55d","sha256":"a689f9df3e75572d92dc0e602bbcc243aba31931fde7413176931bf59a12c344","sha512":"5ce8a569f4285f8e79e747009eaaa9a270c5f76834162efda0994c475655bc430a6e6bc3a77a69ae0e106ce7b024fd1dbcd791ee48876cc366fceceb2888e458","ssdeep":"384:q819crft39daUCFAy5P0dIxlP0D+wtV7qTZvRR6lBslG+gfVc/QRjisn2RcQ98Jy:muSCC/M9s+L69sLoQCwU0HNCrUisym","tlshash":"c2f394923a05cc8fd87a24fcd891ad84764f79e894510bc35a179c78e6afd6313af087","first_seen":"2026-06-20T09:59:03.421384Z","last_seen":"2026-06-28T13:51:56.548419Z","times_seen":17,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"falconfinances-participate.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}