{"report_id":"d8d0c961-8e86-476b-ad6a-484acd36e7dc","version":6,"status":"done","tags":[],"date":"2026-03-18T15:19:20Z","url":{"schema":"https","addr":"claim-xona-agent.com/","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"104.21.40.200","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"claim-xona-agent.com/","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"title":"Xona Agent | x402 Creative AI Agent","dom":{"size":67520,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5915)","md5":"44836217571f1ea07c4f46a9d753f227","sha1":"6c11e7a5f4dfb2cf20686224150efd356539ab51","sha256":"f120834f6e9672a9f2d25cf0ddb063561497a557e74e0929bfd4cc9e0c3c3de9","sha512":"6d30885071f305a649006d64cac6f86881c9ef711a1d1a1854d9747181750e1dc376174cb993b88ff9c153b7edb685c787cac4f8d842e879ed794e476a17dcaa","ssdeep":"768:tkNpCxPJkHjyOpKc+uNWplMkAHUVtKtckyCI4PJwGU+cYsCDNDEyqt7u2:tdbkHuOpKc+u5ROCc0RDNDEt","tlshash":"4663d87062e4182e53178769b3a5fb6a52acd183de1f891cf6ac01b15f42dcbd93329c","dom_hash":"domhashde56067d7714e47084dc177c0d50e2ae","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"claim-xona-agent.com/","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"104.21.40.200","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-22T15:19:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"claim-xona-agent.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":42,"request_count":21,"received_data":1429268,"sent_data":9728,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"claim-xona-agent.com/","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"221442757061dd68b0582f89c364021b","sha1":"7590aec53bd5454f729caa1c0d3a1eb4acd73dd9","sha256":"2dc0a71a0536fed77bf7282128956265f62bf7417ff3521d5ba2deb2d0b3f43a","sha512":"f001d0fa62f2cab3b11da774e41d2ab58032af56518404e515c7782ad391945bd4027cf6da4314f9128343791364a3b0bf98b12f57935ea13971c2c63722fb17","ssdeep":"","tlshash":"d9c022a081a049a40b4804e72070a7e130a058382046908ac2b84a4e8a4ce804b48518","size":186,"data":"","first_seen":"2026-03-18T15:19:26.009414Z","last_seen":"2026-03-18T15:20:21.305413Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/secureproxy?s=%2Fipfs%2FN3-E-we4EQog22p8TTVokQ20b80aee708071e5d0220549555bebb9%3Ft%3D1773847138919","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"746413392c321425def3d27ffe4d81b3","sha1":"df46b909af1a95dbd5937466fe4d28f45525a6f3","sha256":"bd3686b304fea40c86027939a17a3ef0640748cb0dd76f4279929e4fc1494604","sha512":"1ba7783a94bb77c06c451870538670753adf30f5a758a1e7374d13a87e68474f8b422dd47d9c3a75d70190619c2bee3f6cb5b629547899f0e7d30537e5286c99","ssdeep":"6144:qh5gDz6Euno4xvlISDhTl0WHvfUp+v+9J87XGQOwOyyGpMy:qszZunzvlzSWP8p0Q+Bz","tlshash":"cfd499c08b4c357364802aea15fb446fdfdc0de82e4be8536bd098b5e379b8351e5998","size":634343,"data":"","first_seen":"2026-03-18T15:19:26.007415Z","last_seen":"2026-03-18T15:19:26.007415Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"claim-xona-agent.com/payai.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /payai.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 56359\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-dc27\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FeuY1J2pJhlkTVzVB2beRkbPXV8NWF96m3HGBmuYiHGUEgZxKteqQGURhZsO7TLHkTR5nEZAUddrV5AIlPkuEtY89e6OP%2Fmec3rBA3%2BGrRV0XGvA\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc2135cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":56359,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 284 x 284, 8-bit/color RGBA, non-interlaced","md5":"9e319462e8861641389888a67238070c","sha1":"87b894abe71bc87987896dc886828d183b023377","sha256":"0b8520510a4ccf011501106a769226f01303ac6968c9419097cfafb8f38f1ead","sha512":"5475c73e7d36ce2ba30390a63dc6ebf88cdc008a03fc465a0be5fe4fe98fc2d7ba7dc7861d7679888bbf0f37ec4a64704d941c4f131c43aa426b474e119ab484","ssdeep":"768:RDhlJXK9sTvZH1szY7qzDWgeUpZMDVLHz95nn4HCwDoDIdQT9DP/EQp9lB/9bP4h:y9sLMYMJlmLHv4A8dQTBP/tlJVPvBS","tlshash":"f043f2b3bafaf124f893556e0a709a4644e8add186c70d493d7c3724c38576e21ba2e4","first_seen":"2026-03-18T15:19:25.988952Z","last_seen":"2026-03-18T15:20:21.293733Z","times_seen":2,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/syra.jpg","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /syra.jpg HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15594\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-3cea\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MpNLqGxfwAn%2BcNm%2F7JOaJa0Nyve%2BAgJqfez2YA9MvHL4KT%2B9lDMNipw%2Fjn4%2BwdJeMcE%2Fv69U7GuLi%2Fi4jMCo16NygpCxdhVpgI23P%2FTvrpoXLK4b\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc2835cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15594,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"de3437be4efebb6ac8485e639d3421c9","sha1":"c7a775160d0beb1202084049f6ee3736425a403c","sha256":"e2085aa890f48f43a27ec871389fca1ff2767019632f852c8758deae57bfeec7","sha512":"6fb02c67b1677f07aa9b101b271a36b9a011e00a539c5ab3203edae09a47b6b30c4712bef3dd4c77b938bd3dcfc16d5c5fa56fe5aaf56fe67d29761c925fe2bd","ssdeep":"384:sKgnZ5K/58+eP64CCJYsJC4KVpLHNqtOY7nYD:unZA58d4sJhKVp+O6YD","tlshash":"2b62cfeb57909be3c5af837724a0db24d3262c64d045834dfc9b3d7a53a94c08da86ec","first_seen":"2026-03-18T15:19:25.989976Z","last_seen":"2026-03-18T15:20:21.304048Z","times_seen":2,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/secureproxy?s=%2Fjmpd%2F","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:19:00.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"POST /secureproxy?s=%2Fjmpd%2F HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://claim-xona-agent.com/\r\ncontent-type: application/json\r\nContent-Length: 1420\r\nOrigin: https://claim-xona-agent.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1420,"data":"{\"route\":\"n9POyFeFG1tUtiSU-z9JOx3n\",\"payload\":\"0hqM-6_N52QBvgIgAy8AEQDeArQCIADxAhMAAAECMQMAAO8nhn2XtsKCAd8NTPA8bzfJo7k3GGsCAADPP5KC1cIflKw-gMP98VYu5xChiw2dQzTY-pjGZwk-V1ITCxvfDL_VWSbfhNYxZ8VV9AzTWxCsKrTAYPL1HMH5CpPqOFXPn8IDwbwB3_UoPI1uf1J9ojDKeNx7_CCEZWlNIFACf35IZ67cATqQ1Ehjf3uBXwViy7XYwCqw_SJ26B4dUZL2jifUpxbEkFJb_PWqXcJJ_LFN6LtKvWYxbdBBfqEVVOh4GLxfIo_8me4c4Zh3eKtxoYjbV1KJuggrDXHxJinriEi8OO6BVwMOaRewulDDp54nc8Kt_1EZi3AjlG65hWaazLXXrNnrgIQ8Kth-Q_e-hmNRU8Y9Qb4FEUJB-FKZBD-q5qWmAuXPYoe3JjcW747Tu074sGXxe1gWQnaifGXy2x_MB5bXG0ynBUn5-T8SoklhtJw8HNqB5xiOagJqdgo0ycLIfOCCqwd_btWaXL8pZO_b7h7l2o3_0xVkR_KcAYvRTOpDVLHUaGTQykEbfiFRW34EwwRvQw6uZpW7SP-ypMWXVqaZIF-raxwpygH0iB68eCjmCBHOKfyV-_kbZVC7f-ZXjheYtOxUYnb0tDfV8ptUMxvIcLfkOv9sZJJL0sWZvkZ9FnoBPxtWa8NzhlVWWFlHoFIprHQ-aeRnk-aRQwklvsQ6rQKlWNXidgqx0UbLd10Y2bChXnb6XHP5JsR50bKiMITsX_mmP0zo7TZppcCYaIbn2oAQF4rFBEJF3M_500Nmk3s9sgMqfVVZdw6piQFc0FGHMer8FYoMlPiCHvMYl0MNmfsKGGb1Pb5lxaAGrHzy7DBVJrfolVacJ1j6T0f7KyG7IUS1XyFjETTOVOTFVdVhUueQMiFjgN8EncmjRgpw5Ir0W-arHMaKb0VvR-EHR3TAld3EsO7XRTT6SvraU0L-5NrjYgp73J-mDG3qHlDSymaUa4JI222ZlYX-8R2xIIDxJMuAx29JPBgnfHSUC8m_QLj9ZPBI0Q3u17XrFBuBbPJw-iOAIRwaeE9tjobFP6gBoLsfUe6Sjb4bAN-zFfzMRDj5mHjD2bQN8nUyG61ybnkg2a1esVCzRUySaDynqv8Ekw9lcMAG8UwwPVIQWYo2V77Oxbvg7OYhOSHkeoUQ\",\"challenge\":\"eyJpZCI6IndXTFE5UTlsUUlEb084UENlOElrVHciLCJub25jZSI6Mjc4LCJoYXNoIjoiMDBiNTlkOWQ2YWQyM2FhYmFlMGVkNmZlMTMzOGVlMDBhMDhhMDUzMzQ0NTM3YTQ2YjRmZGNiYjQwYzliZDc3MCJ9\"}"}},"response":{"raw":"HTTP/3 204 No Content\r\ndate: Wed, 18 Mar 2026 15:19:01 GMT\r\nserver: cloudflare\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: no-cache\r\netag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nx-ratelimit-limit: 10000\r\nx-ratelimit-remaining: 9999\r\nx-ratelimit-reset: 1773847200810\r\ncdn-proxyver: 1.47\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 204\r\ncdn-cachedat: 03/18/2026 15:19:01\r\ncdn-edgestorageid: 883\r\ncdn-requestid: 1bdc71e84f3ce3143e2889aa0e3299e4\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Hl8FhR44i8fhseaTk0NiKEyUt7ZYBW6QXByiis0G9XC1IbBKX%2BYd%2Br6G%2Bn9YzV0MQ00Fk26mWg%2F%2FQtcasKL50MPhHx3aHH5LJbDeaJZvjG%2FZ9WmF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9de53695199435cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":797,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":797,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/8a80e7184ad3a13f.css","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:58.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /8a80e7184ad3a13f.css HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:58 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: W/\"69b0cde9-86e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GVqBKXNaQIPz532CTsVsYnSEAVJR9I4mw6m85VUDteLd%2FwKAdl26mKmJM8m5PL7JpDMBFeZ0obWdmjaxdmTxygpN%2BWPuGJgeJSjZceXdvx7QE4ed\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de53688af3b35cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2158,"size_decoded":0,"mime_type":"text/css","magic":"CSV ASCII text","md5":"cb3e00d3dcbdb46f08d42289e815c733","sha1":"067aa6ad47cca7a5ea42f15d154c63ccb6950f73","sha256":"920fe1021e4f5f199d2c0b19564a6b174cfaabe76599cb78ad991c95d43c78d6","sha512":"0f7a0ef58a0c5000b6953d9d8cc086f48971566dfd7c60bfdbc9c84198101934ec6922a174ab146911734ef5c82284c53ba4bd60a2ab9dc89a1649cc3a2d3b4a","ssdeep":"","tlshash":"2041c134442ea40a86f78c6331cf7fa3241564269baa126399391abc4edb97f13e0724","first_seen":"2026-03-18T15:19:25.991483Z","last_seen":"2026-03-18T15:20:21.275239Z","times_seen":2,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/x-logo.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /x-logo.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 89774\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-15eae\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HzZFeDNUNyqt557HlfaQB7UidYTgeL5xKC3%2B4%2F%2FfdX6moMWjWLEGdRuduDcZl1GSYZxYsQddE7bg7wcTM7%2BjYCfE7d7GZC7DXTRcaFiHXOu1HoUV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc1435cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89774,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1023 x 1023, 8-bit/color RGBA, non-interlaced","md5":"806d9833e5a6a358ddf4f71d1aae8ba8","sha1":"6f49b358cc2753721f3c2c328f12ef61e19ccef5","sha256":"25b6aa7b17c27928dabcace437d456f16314c0562b91dc5d15ae08ad9789a53f","sha512":"701c8bcfbe6867ae4ae5fac3fbc7bb33630dd9df17e76c792df913a4c8a5aa2146ec16c1b6eec8e44ff1e7d30b58a8e7896c82172175a34c14377d6ad5e66b83","ssdeep":"1536:Yh5/m0WPBDQM5ZDrLhqAuyu1ffkMUNOsJzIggHr6IhDi+bADXxC:Stm0WPhQM5ZlqWoffbrsJzIL6Iti+0g","tlshash":"c793d0ae6260847281ff772271a48c8d56b37892c141fd0a6b8a98fc7f212b55d753fc","first_seen":"2024-01-11T11:25:26Z","last_seen":"2026-06-09T03:21:51.985855Z","times_seen":95,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/relai.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /relai.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 15086\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-3aee\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RdFNElGQ0sIs17pbxp8yqJoIp4G%2FRwOUn0oT1j2bKFsFPn0FWUBP2zEOH5PMd3k09tvcFod0Z2decmSl8PcvdQTPzKOuC1wRcssmoBBHNF2MFUDc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc2235cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/png","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"be85d0fb249958cde66911c442768cc4","sha1":"fcb93941f5179989d066d7d2908f2fcfff132e5a","sha256":"2dcb34d1de5ec801602f7ad066ae4b066e3924a2912ea277d0bb0094bf1ee21e","sha512":"f4b4b6d40a145b1793657c042dd17d6efd088fa919ed24fa9e8198cec754bf6e41e14b296c8894d9aac209c2da3a2986379b9b9215ec70708fe3d57ff8ca52e7","ssdeep":"192:jUuQA/A/ADHTZDv8RqVBSOkQpiQhhhhnGp9AYJMvbid3xe7Kua:jUuQ6+8TZDv80VDViCeSYu+9wK","tlshash":"4b62314efb058d49e43604f9a83152b02b1ab93bf57c4a8179dccc1620bee5e14b99fd","first_seen":"2026-03-18T15:19:25.992934Z","last_seen":"2026-03-18T15:20:21.282422Z","times_seen":2,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/zauth.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /zauth.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 15406\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-3c2e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z7lbn5o%2BZUeUrNq5WMaqAyOIlERnMiDh9scV2rEQte8sgkPuGvLJEgTshwFCqUKWkdWPCIqJvZML%2BiOeLByr0zjEz5BjhIsZsPI%2Fou%2F7hDpoR0Ry\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc2435cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/png","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"b4a14a72374e2ee719437d16f3ba765f","sha1":"759c2b830f1ec6211bf938f8fa7d1a5f49115a42","sha256":"f5264aa910ac3569dfe1f98c22182c165296cca0f101f464ad9f8268f3b15240","sha512":"ec75c20fc66f24af9f51d91dc4aedcb535e40dd71a6371e615a03ac1d68fddd865aa441f56b1f32600f792c78950be85a7cb47405e41897e395b79f64225344a","ssdeep":"96:W3rzIYUqaH5LfNifuk3sC2lrO/95wQEOkHJGgzx9z3bvK:W7zaZLfNifj5wpNfx97bvK","tlshash":"10620c121a18fb0be3547f78e2cae75d9964b5187ff8502bed3a24cd867f34d1896201","first_seen":"2026-03-18T15:19:25.993924Z","last_seen":"2026-03-18T15:20:21.302587Z","times_seen":2,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/x402scan.svg","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /x402scan.svg HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LromQhN8rE4GPjp9d%2FOiHzP5memLNOogQCnz5mFl%2BZzhSrR4j1oOZ0DLuhIqSz0CUWkbx%2BF8u0ZnNoj85WUjq4H2Dg2v%2BRE2kqCBXOwCyG%2BaCo%2FQ\"}]}\r\netag: W/\"69b0cde9-2e8\"\r\ncontent-encoding: br\r\ncf-ray: 9de5368acc2a35cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":744,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"685da9378f9da03226cb642816e3b254","sha1":"d9e0c126c5258db326179c613be06bb901fa4e87","sha256":"c8fb6ad51292fc0a34df1b786949cba2036bc1066f66448495c88d96583cf331","sha512":"50d7d919a1a408a44f666849a1bb07de3ff6a37202b6a5f684d8b9fece2883446d10d3f5887af9e658a02b9ff9807fd7e5a0dd9dec3668e870702a6fc833cc19","ssdeep":"","tlshash":"d201fe47d1de4a78690dc326e3cd51a23ad1a057d30401d5f8ed5ba17b08cf00c83d9d","first_seen":"2025-10-10T19:40:04.318195Z","last_seen":"2026-03-18T15:20:21.299207Z","times_seen":6,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/logo-dexter.svg","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /logo-dexter.svg HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OKqEu03WvzFeUOzxc5thAe6t3iGTTraXh%2BWWtAm0vjj1p6d5kspbVkqxidjhoeoOKXYzwVoySHR8M32i663%2F3cSjCYcO1xL0N1BUupOrbIoOTsVR\"}]}\r\netag: W/\"69b0cde9-2142\"\r\ncontent-encoding: br\r\ncf-ray: 9de5368acc1f35cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8514,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bc0ce5fdfb1d8b29bfd6a107da4a340e","sha1":"d23813c6e8b1f2d12eb71f95719fa2e364810ecd","sha256":"10d3d2c74d07be3a1388343bd72c6bbae4b153bbab221d350d89b8940354d4ca","sha512":"ebf3965d409350039ab8aa1b17158c199113528d11b5bc157419126139626d692819ce1a6ed579850cd0f1a0805dd5ff886d3a2086d3c8709f223eceeb2de305","ssdeep":"192:tuZbrEeWFvOsrYUwQf3k2z7t/vYOaBUqr:tuZbrEeWFvhfwe0g7t/AdU8","tlshash":"4b02979d837843b4e79d07a4fca629c57a9508e93294bcec83557c82f877ee810198ce","first_seen":"2026-03-18T15:19:25.997404Z","last_seen":"2026-03-18T15:20:21.301027Z","times_seen":2,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/323326cbbbc59c1b.css","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:58.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /323326cbbbc59c1b.css HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:58 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: W/\"69b0cde9-33d0d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=szdnGUgPAH3Cuc2vU2ioS0uVDSKTjnJtceFbGEq6iQwMbX0Pz8sM7IkTTME1l%2BXt85lDROpcNppsbN4wl4sN3%2FUjNUe25SeVdxbvQZY4KYWKEomn\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de53688af3d35cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":212237,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"97f1a4f5a9e092ad3abb0023dca54eee","sha1":"0e8164daadbce6728b7f2a9b945002c46cb2bda8","sha256":"a8c5f735fa25ee5c928b813f2d12706214b9b95b99341dc281fec7aa4a32a6f6","sha512":"a9b3c7c4e43c60744568dcc1a21302c61d6a47a26e8e40c2409fa80e6d69e989119e423d35e36da1f168862003b66ad558ae48e9291b0e11a04ce9e1a8ecf7e1","ssdeep":"6144:DzJBhQX6W9N13jafYu3kwQDMKUOrfA7Mno+WDAm+A94dIsleJ7:sDMS6/J7","tlshash":"7124a4a0b174e13fbd27b5fd938cf88ca10ab095dd6947ddfa24a21513c3bf66862904","first_seen":"2026-03-18T15:19:25.998171Z","last_seen":"2026-03-18T15:20:21.286791Z","times_seen":2,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/orbit.jpg","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:58.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /orbit.jpg HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 52969\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-cee9\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=onFoXdlzjAIMInMd9GXAMntOluf%2B06eIbqC0rFkYbc26nm5v8GT3Pkg4R7W4Tj6bsMqAlk0lkP5%2F7AwLkWpIz2mhv49ArW2CKrSNU8C%2BpqZdf3Pq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368a8b8b35cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52969,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 936x344, components 3","md5":"c82b59f2b3f8ab66d85179b956a3c535","sha1":"8c5cb8516de1d92a25b82e0e1bcc2c7c2de39a00","sha256":"737aed99a1ed24bf5aade24b1f8327318d3361c6e709e43f2664eb314747a599","sha512":"4692cd6f5344cfdc2c7e5118fc9b67efd4c84c171177b0730a52b5d55800dc87dcbbb36fc2c53a057b3c732ab22c5324f0c8a8217251c8217335643d54d51fb2","ssdeep":"768:tg1QzgfqTm304/5TfHcwPKT+CrsBLeEz/DFzIJmUfvLFmAc:tLzVqFh72+CrsBzaIU1c","tlshash":"3633f10b9b23e0a8cec4c570718278bf875a9edfd16e469873bd9d2160ee0b6c27041d","first_seen":"2026-03-18T15:19:25.99898Z","last_seen":"2026-03-18T15:20:21.296806Z","times_seen":2,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/icon-new.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /icon-new.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 60482\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-ec42\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W2btv8W2NaZHULNWLJeNt8hBUqe%2BSfz8lYaL8NXDON9OxtC0MyEnjKZgtvGcVPzrSgbLQ3UzHgoICpmiJRkxdtAbxnqgvFT1an%2Fz6Y1bjqPFo0cX\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc0e35cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60482,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"dff6f00b6397847ac900e9bc87bc16c9","sha1":"6c32a9d6180efe94174bbefa1855856d8d88dcb6","sha256":"62f9044bfe4a7fd79ace95ae3227fd8040c128734d81833f67992d1657856255","sha512":"6b981f2c51fcf88f97d2bfd850afb064ff2617fe08883ffd84730363f4d10bce1190db5fde509c84a7642e4a6b1ef9125168d5a6a7b2f5ad8f2781830dcdc813","ssdeep":"768:QzryrL6mm2JyZzCwH4mp1kbrbAx9HGzoZBtSFMugodV/FhJKLY95GAkn3VTnV578:bKp3pevgtSWu3V3NEFtFKhct7Zunpt","tlshash":"b743f12dc4474e56762e3383b8c5f49e6747964471aaf7096d41f0f3cee4c4980a63ae","first_seen":"2026-03-18T15:19:25.999853Z","last_seen":"2026-03-18T15:20:21.289085Z","times_seen":2,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/x402-logo.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /x402-logo.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 6837\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-1ab5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0rTUh%2BahXBvDi7TaEBvK1DTu%2FJx6FmCcaR6uUIt6YRdj5OpQ9C388wC9go2aMBH6tlNBTzIWZb2iDPJkIsnaRzVbuWHohNniRyM7XAWAwP2cvjDs\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc1135cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6837,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 657 x 313, 8-bit colormap, non-interlaced","md5":"2fe7b105c9e82696eb2c1468227bc532","sha1":"32bc5f343c7a7d1ff6b842f8392d7370b7fa7fcf","sha256":"3aa394288fd2ff37159037d0221fc18ca57b3189eb374d0e21a14ddb797ea7d2","sha512":"eb669711c92d12313c476e9f039ea3d4187fa9142276619fe033d8cd3ef60d73cef851d998661787fcfa0df9084c1a573fa49d804a311260d86d5f6a201804ee","ssdeep":"192:FiKrvenRqWOtuGbtXFXIVegJxvfbffLk7:LKnRq7tbt9IYgJxz7k7","tlshash":"e1e15ba63c908e5470cd5011774dbb38120e8c89ab6e8957c18945baedbca1c9bfb3d1","first_seen":"2025-09-27T08:20:39.152634Z","last_seen":"2026-03-18T15:20:21.29063Z","times_seen":3,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/tele-logo.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /tele-logo.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 4012\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-fac\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7654fMGIPVbEA8fZq4hs%2F4PBykQJyitb9DjiSVmidz0i2Ypr9M69GAq1PYdmPdrXgfsBy7amVjV%2FE%2BiQhn3s1d7%2Bx19C%2FdIawUCobXYkJwisn%2FCu\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc1835cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4012,"size_decoded":0,"mime_type":"image/png","magic":"RIFF (little-endian) data, Web/P image","md5":"f67b5dc0f12c25a6869b1be3d9b00bf4","sha1":"fd17f89bde3a58286ec8ad4b04d22e1ed6e6d315","sha256":"97de4892d8d07734c126a0e57d0d5bfc2cf75786a28227b8e5c3ee5ce1968c36","sha512":"c19b138304ffb229ccd88375c374847891f3471d0d64a0d1b49ee6cd10766d0bf9976191018b5615ba1beb4fdc8d8dd07cea25c83aabc08b406c04704a1695b1","ssdeep":"","tlshash":"62817da5683f5bba31a3aec90d7625988cba1f469d63131202e451c1be0c870a3da30f","first_seen":"2024-12-27T00:05:40.812494Z","last_seen":"2026-05-22T22:51:09.817259Z","times_seen":10,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/caa3a2e1cccd8315-s.p.853070df.woff2","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:58.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /caa3a2e1cccd8315-s.p.853070df.woff2 HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/8a80e7184ad3a13f.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 28388\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-6ee4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7j2qwfoxHO9RHJxS1QeCqv%2BACu8XLI8vOCiqqW9NsJu4qCy1zBEd1nx%2Fa%2FlPAf6sJGZQbDCVttNyxuwy023dC4jfK6Rr6%2BLW79s%2FFwS0S1jQiPO%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368a8b9a35cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28388,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28388, version 1.0","md5":"18bae71b1e1b2bb25321090a3b563103","sha1":"a636827d1fb47f9fddf94d55ed8f25e85155d1ea","sha256":"a29f900a6d603e989449327956e7ac61ea3e6b26ca7426f64e7cccf2cd4aed37","sha512":"e6560e1f68d236883884afa1fa4c2de5ddd6c75e69ddf1057c97f525015aa4306a14fb56c1526141bf2067d24b2ca72ea78e0e518b2bcbaf162056ee4a2b327a","ssdeep":"768:KD+2Y2za0bgeumM+doeWITKGOgUT3CbeZq:KDFzfKJ+SHIGGOh3CbeZq","tlshash":"9dd2e1a0bb98461d35fe1ba096ed42bf4a1d7f4ded7c1a65093b2b80174d4df20d8c68","first_seen":"2025-09-14T11:55:19.751418Z","last_seen":"2026-06-13T17:32:07.601978Z","times_seen":22901,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":181,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/797e433ab948586e-s.p.dbea232f.woff2","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:58.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /797e433ab948586e-s.p.dbea232f.woff2 HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/8a80e7184ad3a13f.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 31288\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-7a38\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Jvg91a%2FS2%2BJW5LB1CnkTt%2B14IFb97BQqd8%2BCbPzVoDxaJ0SyfcgOUAHO6z9FE8Zf8ZBGl7CehJeTTjwYjBSJ9LNsqd5xqPWGWYPZxmH5tMl2Blp2\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368a9ba635cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31288,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 31288, version 1.0","md5":"da83d5f06d825c5ae65b7cca706cb312","sha1":"3820bcdc2e187ff5332ab0d5dc8529f8e10fd574","sha256":"b7ac144b394cbd81052d6397ec0c33397977b1d7e9bc095e744e652a378c6fb3","sha512":"c8b02f1655b30d6fd6e0b3ee92280d175fb0410938a71f625354fe79e009fb2928ed55b45d0000db9e527a388e8f3eb42875c6965c80eb4b03046c50f49ed187","ssdeep":"768:N4C8ya3ZZij3h4s0iIfv/x/tV3167X/27IwwlsUxCkegAeyTrJD7/kX:Z8Pzf3JF67eqlsZXLTrJcX","tlshash":"47e2f1e7f5578489abb26e7102e105d5c5ed4aa105bfd1fb642c70660d3aa0e0fc0b27","first_seen":"2024-12-09T15:40:29.87187Z","last_seen":"2026-06-13T17:32:07.565597Z","times_seen":24180,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":175,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/oobe.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /oobe.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 9021\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-233d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6BMZdc%2BJAWKYkISnzjXH0jRT1GUPcvsQXcHk6V%2BEysRPu5wZEeTzo%2FgcVvSmyMZNYowrSdiTTOepIlpxNvm%2BZRgLy9O74X%2Ft9Ob4YIXAK5fZ3blZ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc2535cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9021,"size_decoded":0,"mime_type":"image/png","magic":"ISO Media, AVIF Image","md5":"63141cb03ef5d9a5772d74a2f60fcf36","sha1":"621f2ed8745b9d40d3f4f6149e047dccab788e9a","sha256":"f7220eef68f8c1cda65fc47cb21dec179a0ca90b314e23ff5132c4f6b26a3c53","sha512":"fc5e9cbbdde79e7c92d93f3b427809ee0d879e464ea68f8f1569ff7eaa42893152882792424ae64a62a31e7693d28602366875fb689691f42d98e7b43fc03e85","ssdeep":"192:rGLNJUtnuAVJTYr++gpI9+qhbhDC09xoWCUEVyhUG1Mc7:riUtf+gpGFdoWUbzc7","tlshash":"c812afc1a232aecad064c5f7d85a8a141104e570da340b083da3f5bbf9f0b9738a46bd","first_seen":"2026-03-18T15:19:26.004418Z","last_seen":"2026-03-18T15:20:21.295308Z","times_seen":2,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/favicon-new.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /favicon-new.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 64680\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-fca8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=58Wq0PILP8Li8x5y7ISaxZRmrZErGpI7njA0QKzvDjKmgFBrqUtlkDL0IXgEtw4L7pFMJJ8WlS36Fqekf0yOYWVPYSNOFoW32XFt0yfYdScrLmw2\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368cf85035cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64680,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x1024, components 3","md5":"e40ea5146e6c0fc14ec3034a5b3c7f1c","sha1":"1e5fb139a336b3aa5904a3cfc6633a05e33a120c","sha256":"76f5238abfb00d18d781a071eb09bc1d8fedfd982548a563efa8c948aa782bea","sha512":"f7a32b4cae249947a0b6ef6fa09d656cfb469ce5f6717f2089ce2444ff7efba01897666a9a8eb0a6520d1e6c23004a4e45525962ba7a891c92c5ea3a249886d3","ssdeep":"1536:Hj+KIfbUIzaK5k8E1eQdUkGgbTl43iTuhiymb1DEag2:KKIlz68E1z9TIr3mR/g2","tlshash":"28533c17cc199787a56883f9be134e5c2f5a6b4de98676ff04224ecf7e242210c8d12e","first_seen":"2026-03-18T15:19:26.005226Z","last_seen":"2026-03-18T15:20:21.283827Z","times_seen":2,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":185,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-18T15:18:58.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:58 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1in50QmxXICpZLqgERexvCg3H4icZ4a%2Bvk%2BcY8FzYT8ZQofGLDFknxlaPLSyIda%2BS3EBdx3QHAcgPd3T4O2AVEkJ9pfiwz447rGWIqn9QTSuGkhd\"}]}\r\nage: 305262\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9de536875c1b481e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89509,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5915)","md5":"14b17b13143a026f3a659a169b0cc9eb","sha1":"54a2b064dbaf0c5db2fe12d7a4fba335b3d6f93c","sha256":"0ec9e7b8b36308b751cb44447312e40c2e89f6f5397eb16c1f1d40b8c5df0067","sha512":"54cbf1b3a3bbed883bb99ee7fa7d9846602edbc79f67312d5ee94f17812e511696f78800636eddbed0a4c87c6cefac27d0dc16a1f3ade1b4d699abc1d07e7579","ssdeep":"768:2CxPJkHjyOks2YKmQ5LTwpZ0/vAQ2uiCaIZZAUkos4cQJtdYP6XVGe:lbkHuOks2YKVeAN2Y1JtdYY","tlshash":"9c93b7b027f119ee421f867ab9f6ba2a0659e143da1b4c1cb6fd11701f05d8ac97339c","first_seen":"2026-03-18T15:19:26.006126Z","last_seen":"2026-03-18T15:20:21.285294Z","times_seen":2,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":94,"dns":62,"connect":8,"send":0,"wait":21,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/secureproxy?s=%2Fipfs%2FN3-E-we4EQog22p8TTVokQ20b80aee708071e5d0220549555bebb9%3Ft%3D1773847138919","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:58.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /secureproxy?s=%2Fipfs%2FN3-E-we4EQog22p8TTVokQ20b80aee708071e5d0220549555bebb9%3Ft%3D1773847138919 HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: max-age=2592000\r\netag: W/\"9ade7-30a5Ca8aldvVk3Rm/k0o9FUlpvM\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=G5e0XOC-yI_3KrbLQ0pwQA.js\r\ncdn-proxyver: 1.47\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 03/18/2026 15:18:59\r\ncdn-edgestorageid: 879\r\ncdn-requestid: 21c2bc42ae350990dbddc53fc0a05f31\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CUAOQD8ahRR8mguLP6LACr5Cmv1N4rQmTgbXojDeXDEJcWXqExiGyZh2Myrk8Vo%2FWPjWMmU5ecA8NLgbOoS8uGgrjo6Egat5a35Ov9sqhNn90AAp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368a4afd35cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":634343,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"746413392c321425def3d27ffe4d81b3","sha1":"df46b909af1a95dbd5937466fe4d28f45525a6f3","sha256":"bd3686b304fea40c86027939a17a3ef0640748cb0dd76f4279929e4fc1494604","sha512":"1ba7783a94bb77c06c451870538670753adf30f5a758a1e7374d13a87e68474f8b422dd47d9c3a75d70190619c2bee3f6cb5b629547899f0e7d30537e5286c99","ssdeep":"6144:qh5gDz6Euno4xvlISDhTl0WHvfUp+v+9J87XGQOwOyyGpMy:qszZunzvlzSWP8p0Q+Bz","tlshash":"cfd499c08b4c357364802aea15fb446fdfdc0de82e4be8536bd098b5e379b8351e5998","first_seen":"2026-03-18T15:19:26.007415Z","last_seen":"2026-03-18T15:19:26.007415Z","times_seen":1,"resource_available":true,"data":null}},"time_used":812,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":741,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claim-xona-agent.com/discord-logo.png","fqdn":"claim-xona-agent.com","domain":"claim-xona-agent.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://claim-xona-agent.com/","date":"2026-03-18T15:18:59.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"claim-xona-agent.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 01:07:07 GMT","end":"Tue, 09 Jun 2026 01:07:06 GMT"},"fingerprint":{"sha1":"04:88:2F:E5:FA:25:62:23:0C:05:60:2B:C1:3D:FA:1B:37:0B:66:25","sha256":"B4:85:F2:D3:94:61:CB:E0:FB:61:DB:CC:14:4E:40:22:10:69:B8:A4:0D:DB:8D:2E:A8:E1:04:04:92:32:48:C5"}}},"request":{"raw":"GET /discord-logo.png HTTP/1.1\r\nHost: claim-xona-agent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://claim-xona-agent.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 18 Mar 2026 15:18:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 11712\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 11 Mar 2026 02:05:29 GMT\r\netag: \"69b0cde9-2dc0\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rpbzn7PLzxgYOtr7geeqSRcKnVDPpTNJ6Ra7eCxoTfpXpcs72dXFKiySMrwmeW6Crn1bl3PiCZ%2BhjCBQzXh2r6Ujw%2BXjV1sdQIspEr4SP1tBIl4%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5368acc1935cc-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11712,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"ecbd7802116661200822a164874d5f30","sha1":"27c1e11c2ade508cd3012a4fe087bec457b22265","sha256":"eef3f9f9af2fab2c7b0a8b9d84ce07f72d2211f008e909f62823cb33ca9a178e","sha512":"6220e65b6e8ef63e64a18d176d6cd487a43db68591ac3a73d3bfb35823280538c450c4bcfce6e2ef63551556c559d1103901feb2c467633b3a6a5f3741180db1","ssdeep":"192:nSEYA9Wv3dXl38wf/ukvExVl9jrkv76JUQou987oMTQ2kp1EttZydAhYG7:SEYD39R8wXZvEx5jfGQaXV57","tlshash":"2232afbc89b5ca282a6bf89d3db887e8a1fd0572f7469cf4190220a6475a39049535e8","first_seen":"2026-03-18T15:19:26.008421Z","last_seen":"2026-03-18T15:20:21.280825Z","times_seen":2,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":142,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"claim-xona-agent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}