{"report_id":"06f4af88-efc1-4f32-84a5-6462a75b8c07","version":6,"status":"done","tags":[],"date":"2025-11-30T23:32:11Z","url":{"schema":"http","addr":"www.empressleak.xyz/","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"www.empressleak.xyz/","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"title":"Free Porn Videos - Empressleak.Xyz","dom":{"size":67550,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9208e9b40efd3a6b4500e89053a67f5d","sha1":"2abec8c83e25669d1886de5ecc936a63c4ed220b","sha256":"869e70cada9ac0179f2b68300bddc7fdf4fbfc4b01e835a52e2292a4732c8b2f","sha512":"d3a2a8562ff4597327c05b4f0dfd7f28b240da6798546bf31d2981d80bc110ee8652bfe0f7e4597e7c566b56917d1a22b0325340c23a4fa990503c3e720e4131","ssdeep":"1536:SpRpGitiXbObsHuHvFlFBFPF8W96xlYsuLM0+8n9:SpRpGitiXbObsHuHvFlFBFPF8WguLM0F","tlshash":"6c63ef5a2dd2114082464369a3fe6b28271c45c3186ffcf9b3e215ca9f45a7c73ea25f","dom_hash":"domhash37fa84df85cae22f54658f4955cb225f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.empressleak.xyz/","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-04T23:32:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":25}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"meantimesubside.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"meantimesubside.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"meantimesubside.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-11-26T14:07:32.683098Z","alert_count":3,"request_count":1,"received_data":377,"sent_data":422,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"18.159.69.184","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-11-25T17:43:17.257249Z","alert_count":0,"request_count":2,"received_data":856,"sent_data":908,"comment":"","tags":null,"fingerprints":null},{"fqdn":"use.fontawesome.com","ip":{"addr":"172.67.142.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-10-18","domain_rank":6983,"first_seen":"2017-01-30T04:43:25Z","last_seen":"2025-11-30T23:03:28.158395Z","alert_count":0,"request_count":3,"received_data":203022,"sent_data":1570,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"meantimesubside.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-08-14","domain_rank":0,"first_seen":"2025-08-24T13:45:41.730129Z","last_seen":"2025-10-10T18:11:35.34297Z","alert_count":6,"request_count":2,"received_data":189866,"sent_data":912,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.show-creative1.com","ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":392451,"first_seen":"2024-08-27T12:23:01Z","last_seen":"2025-11-29T02:14:17.483468Z","alert_count":0,"request_count":2,"received_data":4558,"sent_data":980,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-11-26T02:27:57.618223Z","alert_count":9,"request_count":3,"received_data":1590,"sent_data":2313,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy 
is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-30T22:13:37.547558Z","alert_count":0,"request_count":4,"received_data":163852,"sent_data":2216,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-30T22:14:19.793229Z","alert_count":0,"request_count":2,"received_data":34862,"sent_data":860,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-11-24T08:34:43.339132Z","alert_count":42,"request_count":14,"received_data":499280,"sent_data":6382,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-11-26T07:38:15.50569Z","alert_count":9,"request_count":3,"received_data":257868,"sent_data":1251,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-11-30T22:18:20.693037Z","alert_count":0,"request_count":1,"received_data":21363,"sent_data":491,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-11-30T22:21:59.282818Z","alert_count":0,"request_count":1,"received_data":86941,"sent_data":461,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}]},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2025-11-28T13:58:41.37683Z","alert_count":3,"request_count":3,"received_data":90225,"sent_data":1401,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2025-11-30T22:18:20.15509Z","alert_count":0,"request_count":1,"received_data":20344,"sent_data":516,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-11-24T03:39:14.34468Z","alert_count":50,"request_count":10,"received_data":13113,"sent_data":9185,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.empressleak.xyz","ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-08-15","domain_rank":1269846,"first_seen":"2025-08-24T13:45:41.752101Z","last_seen":"2025-10-10T18:11:35.508355Z","alert_count":57,"request_count":57,"received_data":862190,"sent_data":29792,"comment":"","tags":null,"fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.1.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Bootstrap:4.1.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. 
It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Popper:1.14.3","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it in your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"BootstrapCDN:4.1.3","description":"BootstrapCDN is a powerful and reliable Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely-used Bootstrap framework. By leveraging multiple server locations worldwide, BootstrapCDN accelerates website loading times, ensuring a smooth and visually appealing user experience. Additionally, it ensures website compatibility with various devices and browsers.
The service reduces bandwidth usage and server load, improving web performance for developers and end-users alike.","website":"https://www.bootstrapcdn.com/","common_platform_enumeration":"","icon":"BootstrapCDN.png","categories":["CDN"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"realizationnewestfangs.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-02T06:26:57.543488Z","last_seen":"2025-11-24T21:03:32.776579Z","alert_count":18,"request_count":6,"received_data":129938,"sent_data":5828,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}]},{"fqdn":"stackpath.bootstrapcdn.com","ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":21970,"first_seen":"2018-04-05T04:41:29Z","last_seen":"2025-11-30T23:30:40.429836Z","alert_count":0,"request_count":2,"received_data":193876,"sent_data":992,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-11-30T22:16:05.472311Z","alert_count":0,"request_count":1,"received_data":393430,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-RCPYBL52QP","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9d2f121d46a72b0b444d6edabf7a056e","sha1":"173302193865ec84721c6b1cfbd279d0e3e175a9","sha256":"609b51d96bb514c48632edf0e96958beb64f376a4b610a76c251e800fd604b18","sha512":"65525005948a96f482f49306286d274a858f6668f456b47c29fe27c9ab8e2c2ab58afa57ceb38c35d63fab4b4db5ce8d800f677ea06adf9684afd13d1b9bf5b3","ssdeep":"6144:+PBUKitJeUI2XVUULUVWo6O7GQEO7R2lfoOr+3X:qDi2UnVUUtO79","tlshash":"a88409ce73d674265396f478502f018ba57b28a2f44cc899f189cde52e70a9a4277f3c","size":392826,"data":"","first_seen":"2025-11-30T23:32:22.157063Z","last_seen":"2025-11-30T23:32:22.157063Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"05e51b1db558320f1939f9789ccf5c8f","sha1":"c72c1735b4d903d90dd51225ebefb8c74ebbc51f","sha256":"702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb","sha512":"ab3ad9a98fe431508461ebbf8029bc536f34d16cfef8b4c62b8a62b56fe2b30a426e3c3186c994c2578bd585da1c89a9b421c6d2f27053b2f2ed13b0dd9428c3","ssdeep":"1536:3dhEyijTikEJqRdXXe9J578goJsWXdLVhNLKz4DTAjnWotoZqwsRmKKH7UggYiTv:2Qcd5hNLxTwn3t0iUHiTDU8Cu5","tlshash":"4383e6d9b2c670529b7730b850bf450bb17a98dab44c8da0f068c5d47eb4a8d907bf2c","size":86351,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-04-05T09:50:56.382081Z","times_seen":9688,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"meantimesubside.com/96/4f/58/964f5885584fb9f9ad0858325aa50535.js","fqdn":"meantimesubside.com","domain":"meantimesubside.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"018d8c8617f8569e4b09f045b8c1db16","sha1":"3fc1c038284ee3df0b79a1fa903c413f52fb1979","sha256":"3e907e2a0acf0dfbf739da14c793305b659fd0a36dc4bebbd767f41457ebf59f","sha512":"123032d2b6e3bcf9504f44e6eb66aee2c7566765f34ad9c78278a87b05b34f22d959548a6314ad0c470e28872de9eeda778583d7eb735ff7471054fb5e19503f","ssdeep":"1536:mJBDuuYKb5yrHvXp2mbVKBw591hyGoitf68hK3vZEvF:mJJnYKb5QEmbV11hyG5tinZE9","tlshash":"fd83e6883f51b09903d76077222feb8bf12edc10109ee444d623e5d97b6834ae5bbe65","size":81588,"data":"","first_seen":"2025-11-30T23:32:22.194924Z","last_seen":"2025-11-30T23:32:22.194924Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fab53179a5d8dc364304e3e20aa198e4","sha1":"0f20a511977f9a6410dd166fe940f33110275f14","sha256":"ff980bd48ac97f105c843ba9568c01ccf63da6136f222eb674222526fb1315cb","sha512":"d9744acec70af68194b07c9fff7a083439f6e424ef23ed4c15631e398440066abc41fc73e0f959e4007804c633393d3e95f46fd5420c38be43d0e06206da8fb0","ssdeep":"","tlshash":"671148369716044e45d14579a13cecc2d8b504d6327efc49576fe09c2b8cddd17f9a21","size":904,"data":"","first_seen":"2025-11-30T23:32:22.21257Z","last_seen":"2026-01-10T19:43:01.887356Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bda
bffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-05T10:46:39.818593Z","times_seen":330370,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fa2038775c951889314bf7b18b1910ae","sha1":"fbbea37f8228fca0c190d81bc4f673d80d07b274","sha256":"2b086e2289fb4b02bf0eccf0c4eabb1d4c5924d4d4234d69c0e3150610274062","sha512":"d7af2a48edf1485d5c7ce111bcd913650521533cb5c8a46952df64465a907056f6c1b46ab0f340430b67da51dfeb62d4df6464e85927585e1713a4582ffc2ad7","ssdeep":"384:LtmQsDR68MTcHzXFuJ0297+s3isWWof1wP1:pmQ49MTcjMJ0297+s3isWhtwP1","tlshash":"a6c276c5c847c2fc4d79e67980cb1b1702ddf42d03a19e7abbe271fc698d25486a8762","size":26692,"data":"","first_seen":"2025-11-30T23:32:22.213408Z","last_seen":"2025-11-30T23:32:22.213408Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9
e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-05T10:20:01.373728Z","times_seen":10422,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"83fb8c4d9199dce0224da0206423106f","sha1":"d8503645c17f9856868a7def3dc0505e19a95ec7","sha256":"f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e","sha512":"95d735b0fbb5159f2c9a0920a7e1f09d8c956f57919f6c0498aac383526a3c46f4dbe122e243730c843453087400954b4058c9a16c06fbbeb8c7bd33cb94efe0","ssdeep":"384:fYn0vf4wzTC9nNbR1PTM4CrBEQxkxpOxvYLmD75zfC5vIfg3rzGp/TidOgHhXjE9:w0vAwzTC/nM4BxpOxv/D7pC5vfzy/TiE","tlshash":"8c92a3dc3294b06647ab91a7a07f960eb1335875610e9410f19df2e97c30ef9613bc79","size":20337,"data":"","first_seen":"2023-03-07T01:10:07Z","last_seen":"2026-04-05T10:49:51.49711Z","times_seen":7291,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"67176c242e1bdc20603c878dee836df3","sha1":"27a71b00383d61ef3c489326b3564d698fc1227c","sha256":"56c12a125b021d21a69e61d7190cefa
168d6c28ce715265cea1b3b0112d169c4","sha512":"9fa75814e1b9f7db38fe61a503a13e60b82d83db8f4ce30351bd08a6b48c0d854baf472d891af23c443c8293380c2325c7b3361b708af9971aa0ea09a25cdd0a","ssdeep":"768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+","tlshash":"3533b649725078b201df9176913f460bb736788ea907816cb95d98ed2e7cd89322bf3c","size":51039,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-05T10:49:51.452575Z","times_seen":120630,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-05T10:51:43.056466Z","times_seen":13260,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935e
a3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-05T10:20:01.373728Z","times_seen":10422,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f004fcf512cafa4b61f5950e99315273","sha1":"af163c76f64ed62a1cbce378c8fa9577a71f82ef","sha256":"969b574748cbfe6ee620eccc15b1bb92660da1684637870d1ee332f05722fdca","sha512":"cbb4859610295074d286b56ea71017e0636b1d481129de8e0104c57267e429641fb31ace98bbec6cfb3dead39c84d1248cdde2fbb87a529fe190975ac8b23d85","ssdeep":"","tlshash":"01e02b241b34806f219a205b767143ec7eec51e7ef0d149251de9f3c7a69c53057aca8","size":302,"data":"","first_seen":"2023-03-07T01:43:05Z","last_seen":"2026-03-31T14:48:07.806287Z","times_seen":296,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/templates/frontend/dark-blue/js/jquery.rotator.js","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f39648a2e20d505526d8833191a47b14","sha1":"3f3e4b96d6289e1aca1dd382570594e0cad7f0c3","sha256":"ac750c411915309e6d642fb5555d2a1fe2a0bc1aa8de6cff5acf3a5c5c485bcf","sha512":"9a463ce8d2a16d8c67fdca5604a22efebb3bf2197c72e321b66562e237623a45612e6b078d94e9c0b339c90a1af12405bcd3b12979badb963878d310bcc34c5c
","ssdeep":"","tlshash":"ff6120817636a65f4622b3712e3d0544ba6ec4724241d918fd3e94a88ff136943f6ff8","size":3278,"data":"","first_seen":"2023-03-07T01:43:05Z","last_seen":"2026-04-04T21:34:36.071258Z","times_seen":191,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/templates/frontend/dark-blue/js/jquery.main.js","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b644de1964da84e658427eefac4d6a7d","sha1":"31ae41c6a1fe2bd9cabd27672d9c1f2f3842165d","sha256":"bc624d5946daa2e2c7ac3cf7dce07527637d5fafdc2b66c75a36be7f5dda0c85","sha512":"11a71a0ccc7ab9addb2c8f50fc7d85a751cb2300ec210f09200f2762d5760049d41c039fa9c7c329f25c806edf95d383035ab9d04141a95ad3652e8a84ac7412","ssdeep":"192:K5hjaJvkdwRhjLJvmdwg6jWFVDt8S9Oy8vS:K5oWClw4e87pvS","tlshash":"cde12f44f1993baf98b7b3bd4abf37476b2cc8b3c201099c7972045e2b64c60275664e","size":6981,"data":"","first_seen":"2023-03-07T01:43:05Z","last_seen":"2026-04-04T21:34:36.066402Z","times_seen":202,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/c0/35/7c/c0357ce07e8d73dab31372a114d5762a.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8daf3c1b88c3bb1f421ba11dfa7310dc","sha1":"4b330cb0b1687a3d7d11cd31606fc331a0ab7569","sha256":"060ce1ad264180c00815d5b90586a731f8cd403105910a031c510f4c4039edf4","sha512":"4871acd988fb01f0366d1fe9b94548feb7a898da1137fad79bade3011cd49cfd8ff9cbea075f8e045ef31f1b081c3697eaa25ecdafe527cc2326d4374bdd88ff","ssdeep":"1536:m6cvuYKb5yrHvXp2mbVKBw591hyGoitf68hK3vZEvF:mz2YKb5QEmbV11hyG5tinZE9","tlshash":"ac83e6883f51b09903d76077222feb8bf12edc10109ee444d623e5d97b6834ae5bbe65","size":81572,"data":"","first_seen":"2025-11-30T23:32:22.182071Z","last_seen":"2025-11-30T23:32:22.182071Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b86c1d71b66874559ee948effbe1c6fe","sha1":"e16ce845bf98d9a86af0c3fe2527f180c5811e34","sha256":"973d2268e3e9ac2036fe214ae399248cc17048ef6382941dcff375acefda8c1c","sha512":"ad441f0c422d9b40e16d3253ef13d61c4cd7a7523a3de2293a0e5375db653725b26ece923422241b1cf61580bec5f436c504a31cd59c85dec1edb65e8b5aa4e0","ssdeep":"192:TXJILiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToJ:TXWLiEWiFiHn1VuexjrHnAym","tlshash":"f122640409b9d631c45ca02f203e26a6f7240a53ad7abbd4bbc941095fdd95fb5b823f","size":10330,"data":"","first_seen":"2025-11-30T23:32:22.21472Z","last_seen":"2025-11-30T23:32:22.21472Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"467e8113f8dece5b42f05ac4da835834","sha1":"10b701cc6527a60838c8ca86f5332907c0a4fc11","sha256":"77700011f3f6ed17000156244c98e4c8ca85e6f8a714cecfa91d23676d30bd85","sha512":"a23fac964
ead38b2d544b36d3a43d3938733a3c0e5dd48a35084a6636952de2bcab3b8f0d9593b96f14cc5abc639d47db909ec065e62b96957e2c76ada2c101b","ssdeep":"192:mhJALiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToJ:mhmLiEWiFiHn1VuexjrHnAym","tlshash":"e222530415b9d621c04ca12f207e3256f7240a579d7abfd4bb8901446fdd96f79b813f","size":10330,"data":"","first_seen":"2025-11-30T23:32:22.215441Z","last_seen":"2025-11-30T23:32:22.215441Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"meantimesubside.com/87/01/60/87016050c203796a626141828a579ae4.js","fqdn":"meantimesubside.com","domain":"meantimesubside.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"383e3b346fcf365e50691b1170268034","sha1":"1b349d4a392ee5bbbdcbab3b8c08090430b6611a","sha256":"227db9e18d3b8d041db29720df367c321f24c53d5d5ea105e1d709bad5e0ec50","sha512":"80f66aa668391ea378cdeed7525ac691c6b615b926d7fe2602c19bc6c759944efde4df8da672245a55431bf3d9dbc43f732c40132a1e9a8a93b0a48706cbfdc1","ssdeep":"1536:Ud5VyAcpiczPP6RdHf8741ia98IWRRDtmD:Mcxz36RS/RRDtE","tlshash":"9fa3d8c87f51f47c03d77476223f610af06a9f00659ce598e013ecfa296871be479aa9","size":106588,"data":"","first_seen":"2025-11-30T23:32:22.200402Z","last_seen":"2025-11-30T23:32:22.200402Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b44bd4b62a4fb9b27f96ea722cc7dedb","sha1":"8024bdf937475f8eb1a815f90996ab00a1604085","sha256":"3b15f51da51a9c56f93db73d2705ad66eec58d56607d1af7efbbe4a6e50a9006","sha512":"3837816fa7444aa772cacc45530a061f937069f5dab08591fa89e2f63a86ce2423874052d6104399355961fe1cf4a
a7b42fdfd8ddf80cc69a3b935651b94947d","ssdeep":"","tlshash":"25c02b8c310e0cb045f72b408f3ff600f402322894e0a9324c0a33084d30e13e755814","size":153,"data":"","first_seen":"2025-05-26T17:14:11.090225Z","last_seen":"2026-01-10T19:43:01.891234Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/templates/frontend/dark-blue/js/jquery.easy-autocomplete.min.js","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2601841f03f0aadfc48539d5c65abf0d","sha1":"fae175b72fcd900bde1dbba757d87f8bbfc47a80","sha256":"96d809fac6760a5059334e69a672e256cb03b34800c230fa19502ad8d933fee3","sha512":"67e43fd4364ebd654de85ee7e36aab09f159b697a5ade37439ac68d2e2e4f8fc32d35f15d9f866ae52033caaa7e5947b7ee1d58589012b7352abe1976d911b6a","ssdeep":"384:g8MPgWFxQKIM5KlmYVwYpYUTlmNpiMCMVl/qnBJ3GLxp2GoLFbc:g8cTFxQKIM5KlmYVDYUTlmNpiMCMVMBI","tlshash":"9e62965c72d9710913a7717691ff000b753aecd9a9094ca0e990c1e06db8eaf5277f2d","size":15831,"data":"","first_seen":"2023-04-07T23:53:18Z","last_seen":"2026-04-05T06:19:07.268424Z","times_seen":581,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-05T10:51:43.056466Z","times_seen":13260,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/24/18/2c/24182cd4e6f42aedf1491fdd2c696f03.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/65/c0/19/65c01960220c61bc01b736a1905c525b.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"77dbc7af719a23dd05b41006d4b69641","sha1":"4779636f40014363eac2fc177d8eb5f8e9e4a137","sha256":"c175146b77d30b84e05d3364b75d0c4e5c6f5e57a03dfcae7a63b7caa257958b","sha512":"2d4a1337f9699e5bd789f017d3927d39c59034d5c9dad42efeff5f58a2d552737f8ce45111ead2aa43eb58884f0593c7f89f4cb3ec3d3fa4f193deb6e464d41b","ssdeep":"1536:/l6WTp/37gSqZXqJNplkBiBXFxYgm0M/J49rClQuIwy9Lj6qdEIGZi0hj6mgSdZ1:oIdXLaJ4sQusEIGY6c/TJnQ","tlshash":"c8b3ea4cbb50f0ad41a67077623fd90bf0690d90109cd968e5c7f8f86e5872be63da68","size":111811,"data":"","first_seen":"2025-11-30T23:32:22.189704Z","last_seen":"2025-11-30T23:32:22.189704Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb 
Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-05T10:51:43.056466Z","times_seen":13260,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/popper.js/1.14.3/umd/popper.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; 
Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6451\r\ncf-ray: 9a6e23f81a9f0daa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03fa9-4f71\"\r\nlast-modified: Mon, 04 May 2020 16:15:37 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 944698\r\nexpires: Fri, 20 Nov 2026 23:31:49 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Opzgw8Y%2Fe0%2F%2Bz6P1o1sQyxgmY6eqlpNvRdyddzmbn7j3JM6%2Fsiu6k0txgto7YlG%2Bnfb0A%2BbYq7UNwgNr610jhqX%2BHT8evYUjs4J2Gdr4sttsAQk1agYuu1%2Bu1cBVvgxhxMuf4Yhc\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20337,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (20164)","md5":"83fb8c4d9199dce0224da0206423106f","sha1":"d8503645c17f9856868a7def3dc0505e19a95ec7","sha256":"f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e","sha512":"95d735b0fbb5159f2c9a0920a7e1f09d8c956f57919f6c0498aac383526a3c46f4dbe122e243730c843453087400954b4058c9a16c06fbbeb8c7bd33cb94efe0","ssdeep":"384:fYn0vf4wzTC9nNbR1PTM4CrBEQxkxpOxvYLmD75zfC5vIfg3rzGp/TidOgHhXjE9:w0vAwzTC/nM4BxpOxv/D7pC5vfzy/TiE","tlshash":"8c92a3dc3294b06647ab91a7a07f960eb1335875610e9410f19df2e97c30ef9613bc79","first_seen":"2023-03-07T01:10:07Z","last_seen":"2026-04-05T10:49:51.49711Z","times_seen":7291,"resource_available":true,"data":null}},"time_used":240,"timings":{"blocked":88,"dns":92,"connect":2,"send":0,"wait":18,"receive":1,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1SSz2skRRTHq7M5LIqo6-JBFAb1sOJm0j3dk5l2D6txXVlcd0MSCejF6qrqSTk1XW1V9_RkTsGA7MHD6EnQQ-c7yQY1-OMPEJeJt4CwswfJYYOwB6-KsmeZZGDxHd57xacovu9b79Pt_Jj4yOnR0ru6L5Wi8_WqW7mwJhOuC1u5sVrx3Kp7qbImk4XgUqU3Sab7mucHVfeVytuCtfV8zfVc13O9ylVpRKx78ycUMt0PvWroVoNa1asH6Jn_n23uwFIHvHtMzkHy8ZMP4g8g2QhJ58crwrYznV58q5MrmmmDLt97L2knukjQedTGxkGc7E1vQ9sxIV_OQCd70wmguzuTCRDJMZl59j6iZG8qE1F391RppCASRPxxFN0RhBpB0hGY3oLkdwnAOG7cRNK5fUObgm6cUjqhYzL78B_IYkxm759H0vl-UcleZUWrPJM6sejFJWRvBNkaIc0PkPUdyOIALPsEkv9G5h9eR9LZuWmVhuRHL4ecuy7zwrmQsnguqIfxXBgG_lwjYJHgPq-5MT-xSMYjUDuD3DrIpYM8dpCn
Djr8qBK4zYB51F-IQ84abkCDgIvIDZs116UhayBnE-0DZOkATA3AzCZSs4m2_OJu_dyYkN9XYPI7sOslLHdgM4IuL1EIgsISFJSgkARFRlB0y12ubM2Wt7myeeRNa21a_XKos9Y23dVZSyQE1AxgeLkj04_tFlh2ZtiPLR_qSaJRVg5pxMvt9Jg8PbHX-eqz59AWRxXm-vUGE25DNHnD5zTyPb9Ro54X8HpjoUZhZQlpZ0Ctg74ck2Dpb6RyTM7ylxDRA1h1ACafAs1fAC1K0PUS_eQH0UmNsFYJ2q72NvrgukSazSLbcLbVMXlmuLy6eOfkoz-88iIEO3z9Cf7-8_tnPTBTIjUlPpK_ErTUreGyLsjOsi4s-elmmsmO7NPJEqxkNBOz374jNgpt-LUrdvDNG2wCJu3-qrDZdZpwmbQs-W5Rci7MVW2YID9fs2siWsrt-mJukjy9vvTm1WunaqVORqByTB77-lUwOSbnL1w-WfD6v3-ApZuw6eHlB_5JwGqCKHWgJIESh2QaoFEJKx7NE4nDX_46Zdv2FlrGAc22kHRKdE2JripB1QA2PzPMUnN4-d70_Ug5w0gZZydSRn1-6pOVR5XYFzXmus3Gguc3Y-H5AWdxvRmEfIG6vi-Q2bG8eO_P_wIAAP__vEVqKYMEAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:52.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET 
/impr.gif?sid=H4sIAAAAAAAC_1SSz2skRRTHq7M5LIqo6-JBFAb1sOJm0j3dk5l2D6txXVlcd0MSCejF6qrqSTk1XW1V9_RkTsGA7MHD6EnQQ-c7yQY1-OMPEJeJt4CwswfJYYOwB6-KsmeZZGDxHd57xacovu9b79Pt_Jj4yOnR0ru6L5Wi8_WqW7mwJhOuC1u5sVrx3Kp7qbImk4XgUqU3Sab7mucHVfeVytuCtfV8zfVc13O9ylVpRKx78ycUMt0PvWroVoNa1asH6Jn_n23uwFIHvHtMzkHy8ZMP4g8g2QhJ58crwrYznV58q5MrmmmDLt97L2knukjQedTGxkGc7E1vQ9sxIV_OQCd70wmguzuTCRDJMZl59j6iZG8qE1F391RppCASRPxxFN0RhBpB0hGY3oLkdwnAOG7cRNK5fUObgm6cUjqhYzL78B_IYkxm759H0vl-UcleZUWrPJM6sejFJWRvBNkaIc0PkPUdyOIALPsEkv9G5h9eR9LZuWmVhuRHL4ecuy7zwrmQsnguqIfxXBgG_lwjYJHgPq-5MT-xSMYjUDuD3DrIpYM8dpCnDjr8qBK4zYB51F-IQ84abkCDgIvIDZs116UhayBnE-0DZOkATA3AzCZSs4m2_OJu_dyYkN9XYPI7sOslLHdgM4IuL1EIgsISFJSgkARFRlB0y12ubM2Wt7myeeRNa21a_XKos9Y23dVZSyQE1AxgeLkj04_tFlh2ZtiPLR_qSaJRVg5pxMvt9Jg8PbHX-eqz59AWRxXm-vUGE25DNHnD5zTyPb9Ro54X8HpjoUZhZQlpZ0Ctg74ck2Dpb6RyTM7ylxDRA1h1ACafAs1fAC1K0PUS_eQH0UmNsFYJ2q72NvrgukSazSLbcLbVMXlmuLy6eOfkoz-88iIEO3z9Cf7-8_tnPTBTIjUlPpK_ErTUreGyLsjOsi4s-elmmsmO7NPJEqxkNBOz374jNgpt-LUrdvDNG2wCJu3-qrDZdZpwmbQs-W5Rci7MVW2YID9fs2siWsrt-mJukjy9vvTm1WunaqVORqByTB77-lUwOSbnL1w-WfD6v3-ApZuw6eHlB_5JwGqCKHWgJIESh2QaoFEJKx7NE4nDX_46Zdv2FlrGAc22kHRKdE2JripB1QA2PzPMUnN4-d70_Ug5w0gZZydSRn1-6pOVR5XYFzXmus3Gguc3Y-H5AWdxvRmEfIG6vi-Q2bG8eO_P_wIAAP__vEVqKYMEAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971162=1; slecc0357ce07e8d73dab31372a114d5762a=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: 
nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+98a9640c4420cfd5c06b3659cd529da3=6308898; expires=Mon, 01 Dec 2025 23:31:52 GMT; path=/; secure; SameSite=None\niprc_l:6308898=1; expires=Mon, 01 Dec 2025 23:31:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 6\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a515b1ed83abe5ce552d43b5a2a96e72\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.1.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: 
https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-1514f\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\nage: 1520364\r\nx-served-by: cache-lga21948-LGA, cache-hel1410022-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 99, 2019\r\nx-timer: S1764545509.134479,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30019\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86351,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines 
(32014)","md5":"05e51b1db558320f1939f9789ccf5c8f","sha1":"c72c1735b4d903d90dd51225ebefb8c74ebbc51f","sha256":"702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb","sha512":"ab3ad9a98fe431508461ebbf8029bc536f34d16cfef8b4c62b8a62b56fe2b30a426e3c3186c994c2578bd585da1c89a9b421c6d2f27053b2f2ed13b0dd9428c3","ssdeep":"1536:3dhEyijTikEJqRdXXe9J578goJsWXdLVhNLKz4DTAjnWotoZqwsRmKKH7UggYiTv:2Qcd5hNLxTwn3t0iUHiTDU8Cu5","tlshash":"4383e6d9b2c670529b7730b850bf450bb17a98dab44c8da0f068c5d47eb4a8d907bf2c","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-04-05T09:50:56.382081Z","times_seen":9688,"resource_available":true,"data":null}},"time_used":215,"timings":{"blocked":81,"dns":43,"connect":16,"send":0,"wait":17,"receive":11,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/templates/frontend/dark-blue/css/easy-autocomplete.min.css","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /templates/frontend/dark-blue/css/easy-autocomplete.min.css HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 
(Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Jan 2020 20:34:52 GMT\r\netag: \"5e27606c-202c\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t72llEYqiqNNxSARdwEpJ7X%2F2jBcb0fwcWBfbRh347G%2FX6arpypXZxITw8XojRjErOER%2FYb9NMCMvMccze7RqZBFiZH1KnlzSYJxVF64FWWmAsY%3D\"}]}\r\ncf-ray: 9a6e23f7492a783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8236,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (7999), with CRLF line terminators","md5":"2fc47373a364c7428abbecc06d334aea","sha1":"b4575d857a999297a386204f4bac63fc8bf31909","sha256":"7c04585497e13fb2c8a8d9df52da676ee8d6df836c7c2e0e25bb5cdfbacadabb","sha512":"4ec34df52dd7de39da51d2ddf89a72479c95481bd6f4ceabb8a2aa265e57881a6ecf3c8831c05abe2813007687e74309b9d86fe572245cc3b004bed36e15d385","ssdeep":"96:w/fzoxRdAfaDnYQYLBci65485kSs5iz7U0XfjsI63FO3H1RD2GV9Vktr3BdsFsx:gfzof2faBH48k5iz7UwND2zZx","tlshash":"81027d26a607841733e7e67fe6c2e9a64fe8c4d082420f95f453e010e5c5b6b6c1fb96","first_seen":"2023-05-03T22:30:40Z","last_seen":"2026-04-05T06:19:07.316744Z","times_seen":303,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/categories/video/8.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonN
ame":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/categories/video/8.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15811\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:03:31 GMT\r\netag: \"67e44173-3dc3\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MjUu6YRKXK48NIWJmNBfymgGXauHJIZmk7qcquvpBRO6gQzvSqRUUR3PMTw6lEt%2Fh7B3KSFBnGvkMDEDaqHx2KqUCONaslRhMWxM2034icuf%2Blk%3D\"}]}\r\ncf-ray: 9a6e23f7899c783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting 
service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15811,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"33708365282daf2f4501773b89adb7b0","sha1":"900f94627e8873c12d3fc1c5cfe7e7c5de537d36","sha256":"ec6d2d91dfd34dbe115c13cf6850fc0bca8837e62f3e4821eeee30386da5f548","sha512":"c809cd8c1f1038ce3f27b04ef83545c243c5b98dddab2cfa44845318ea84748d03dec810dd26c4484385e5239dfad14e3a326d15bd3d101ac6da71b8f000b760","ssdeep":"384:5cVp1x4JGzFY8FuDTBdwLGSgKZvYbHNBl6r:5W1x4JmFY8FuDNdwLTgCvM/lY","tlshash":"0062af066e0e54e4b61bd9bd990eccb6a8f447939c3651ec33e00a84e75947a98ee073","first_seen":"2025-05-26T17:14:10.971222Z","last_seen":"2026-01-10T19:43:01.785168Z","times_seen":6,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/ren.gif?sid=H4sIAAAAAAAC_1RS32scVRS-0-ahKKLW4pPCoj5UbDYzOzObHfsQjbVSTJOQRAL64p25dzbXnZ07vXdmZ7NPw
YDUt7VPFnyYfJs0VIM__gBp2fgWEDp9KHloEAo-K0qfZTcLxQP3nHP5Ltzv-875aic7ITYyerx8XfZEFNEZt2pWLq6LmMlcVxbXKpZZNS9X1kVcdy5XuqOkOu9atlM13658xIOWnKmZlmlaplW5KhQPZXdmjEIkB55V9cyqU6taroOu-v9dZwY0NcA6J-Q8BCtffBJ-BhEMEbd_vsJ1K5XJpQ_bWURTqdBh-5_ErVjmMdrP2lAZCOP9yWtIXRLy7RnIeH-iALKzO1IAX5TkzKuP4cf7E5rwO3unTP0IPIbPnkfeGYJHQwg6RCC3IdgDAgQMi0uI23cWpcrp5ilKR2hJpp7-A5GXZOrxBcTtH-cj0a2syihLhYw1umEB0R1CNIdIskOkPQMiP0SQfgnBficzTxcQt3eXdCQh2PFbzA_rYS3k09Tk4bRDZ2vT1LLdacYs06W-P0t9c2yRCIeg2kA2OsJAFhrIEgNtdlxxzIYTWNSuhx4LZk2HOg7jvuk1aqZJvWAWWTDi3kea9BFEfQRqC4naQkvceuCeLwl5tAqV3YfeKKCZAZ0SdFiBnBPkmiCnBLkgyFOCvFPssUjXdHGHRTrzrUmtTapdDGTa3KF7Mm3ymICqPhQrdkVyQ28jSM8OeqFmAzlK1E-LAfVZsZOckJdH9hpfP7qHFj-ueHUndBsN1204oe-FHmVmw23YNZdS13RtF1oUEPrM2JSeKImz_DcSUZJz7E349BA6OkQgXgLNXgfNC9CNAr34J95OFNc64rRV7W72wGSBJJ1CumnsRCfklcHK2vz98aA_v_IGeHD03gvs09cOzlkIVIFEFfhC_EbQjG4OVmROdldkrskvS0kq2qJHR0uwmtKUT33_Md_MpWLXruj-3feDETBqD9a4ThdozETc1OSHecEYV1elCjj59Zpe5_5ypjfmMxVnycLyB1evnbIVMh6CipI89907CERJLlycGy-4--8fCJIt6ORo7ok9DmhJ4CcGIlGS67duIOJHc3dv3y4IMUD9Apo_0-Tzo3t_kXHs6JtoKgM03UbcLtBRBTpRARr1obOzgzRRR3MPJ3_4kTHwI2Xs-pGKvjn1Sovjilvz7XqjUedhnYU2s2s281yTew716o7nuEh1KS49_PO_AAAA__-1eanDhwQAAA==","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 
GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RS32scVRS-0-ahKKLW4pPCoj5UbDYzOzObHfsQjbVSTJOQRAL64p25dzbXnZ07vXdmZ7NPwYDUt7VPFnyYfJs0VIM__gBp2fgWEDp9KHloEAo-K0qfZTcLxQP3nHP5Ltzv-875aic7ITYyerx8XfZEFNEZt2pWLq6LmMlcVxbXKpZZNS9X1kVcdy5XuqOkOu9atlM13658xIOWnKmZlmlaplW5KhQPZXdmjEIkB55V9cyqU6taroOu-v9dZwY0NcA6J-Q8BCtffBJ-BhEMEbd_vsJ1K5XJpQ_bWURTqdBh-5_ErVjmMdrP2lAZCOP9yWtIXRLy7RnIeH-iALKzO1IAX5TkzKuP4cf7E5rwO3unTP0IPIbPnkfeGYJHQwg6RCC3IdgDAgQMi0uI23cWpcrp5ilKR2hJpp7-A5GXZOrxBcTtH-cj0a2syihLhYw1umEB0R1CNIdIskOkPQMiP0SQfgnBficzTxcQt3eXdCQh2PFbzA_rYS3k09Tk4bRDZ2vT1LLdacYs06W-P0t9c2yRCIeg2kA2OsJAFhrIEgNtdlxxzIYTWNSuhx4LZk2HOg7jvuk1aqZJvWAWWTDi3kea9BFEfQRqC4naQkvceuCeLwl5tAqV3YfeKKCZAZ0SdFiBnBPkmiCnBLkgyFOCvFPssUjXdHGHRTrzrUmtTapdDGTa3KF7Mm3ymICqPhQrdkVyQ28jSM8OeqFmAzlK1E-LAfVZsZOckJdH9hpfP7qHFj-ueHUndBsN1204oe-FHmVmw23YNZdS13RtF1oUEPrM2JSeKImz_DcSUZJz7E349BA6OkQgXgLNXgfNC9CNAr34J95OFNc64rRV7W72wGSBJJ1CumnsRCfklcHK2vz98aA_v_IGeHD03gvs09cOzlkIVIFEFfhC_EbQjG4OVmROdldkrskvS0kq2qJHR0uwmtKUT33_Md_MpWLXruj-3feDETBqD9a4ThdozETc1OSHecEYV1elCjj59Zpe5_5ypjfmMxVnycLyB1evnbIVMh6CipI89907CERJLlycGy-4--8fCJIt6ORo7ok9DmhJ4CcGIlGS67duIOJHc3dv3y4IMUD9Apo_0-Tzo3t_kXHs6JtoKgM03UbcLtBRBTpRARr1obOzgzRRR3MPJ3_4kTHwI2Xs-pGKvjn1Sovjilvz7XqjUedhnYU2s2s281yTew716o7nuEh1KS49_PO_AAAA__-1eanDhwQAAA== HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: uid_id2=dbf6f2fe-a0ef-4a72-a135-dd105abb7ab0:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25810879=1; 
slec964f5885584fb9f9ad0858325aa50535=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:50 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7648f29dedf02551bc3416cbb0ae4335\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: 
max-age=31536000\r\nexpires: Sun, 30 Nov 2025 23:31:51 GMT\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-02-19T22:23:13.628811Z","times_seen":6025,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_cod
e":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 04:05:50 GMT","end":"Thu, 05 Feb 2026 05:05:47 GMT"},"fingerprint":{"sha1":"CE:AE:8E:FE:2A:86:03:2B:16:43:FF:98:36:53:B2:ED:10:BF:FD:23","sha256":"95:CB:A8:7B:9C:88:98:F1:EF:D6:C9:79:E1:98:63:76:71:B7:BD:E2:89:6D:CD:55:61:DB:C0:4E:B1:1E:67:F7"}}},"request":{"raw":"GET /bootstrap/4.1.3/css/bootstrap.min.css HTTP/1.1\r\nHost: stackpath.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncf-ray: 9a6e23f85f7f76ef-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"04aca1f4cd3ec3c05a75a879f3be75a3\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:06 GMT\r\ncdn-cachedat: 08/01/2025 14:01:31\r\ncdn-proxyver: 1.33\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 
1334\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 609c8fccd30c682d4ce1507ea26abb4f\r\ncdn-cache: HIT\r\nage: 174670\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140936,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(65324)","md5":"04aca1f4cd3ec3c05a75a879f3be75a3","sha1":"675fcf28f9fbf37139d3b2c0b676f96f601a4203","sha256":"7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11","sha512":"890415fa75ed065992dd7883aed98bfbdfd9fa26eec7e62ea30263238adca4eecd6204f37d33a214d9b4f645ad7d9cc407d7d0e93c0e55cf251555a8a05b83ff","ssdeep":"1536:un1QWSUPBT+QYYDnDEBi82NcuSEz/NvT/gIENM6HN26e:q1L7PDxYIENM6HN26e","tlshash":"bdd373a7f5a0312da467c61864d0bafe156f8285d7221ffaf42737644b895cb0a73e0c","first_seen":"2023-04-05T03:23:19Z","last_seen":"2026-04-05T10:28:14.193722Z","times_seen":19508,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":121,"dns":125,"connect":4,"send":0,"wait":8,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/categories/video/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/categories/video/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 28575\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:03:31 GMT\r\netag: \"67e44173-6f9f\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3kop54u8tg5AQVHcwAmLDXvo8AeWsTQ%2B9D%2BJfO3RAonJcKacf5tJh1iZAVUelFgRU%2F%2FaXzdS1GwOoca3BG%2BGvhQ38LSNCQMZbjYaTsDo%2FsjQeJw%3D\"}]}\r\ncf-ray: 9a6e23f7798c783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28575,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"2050139b58000f14e8837e08d1b81440","sha1":"10582c4b67c54bfcffca3e73d5c51f9daab02334","sha256":"ebcf5bef3f5fd02d682bf4b10bdf7acd9e50a108236e90de9c66150ea9f52fd0","sha512":"387bfb093a083684437d6795f4a2ae763fca4478121773aa1644493e533516401bb83360ab16a557212e0dd95111cc4cc9c1cd68282a4731936f2b002492877e","ssdeep":"384:5RSBQVNr7CN6fKMUnJQ2pAbjAU7/D/6Xn5lRY5ir7Z7CvUTvuo7IDl3mRO1KI:5RkQD26SMUJQYSjA0Iq5iXYvkun9WO1H","tlshash":"acd2e1b81614c6e235dd06404029defafed43d49b209fb33b4f562593e20ee82625dba","first_seen":"2025-05-26T17:14:11.039602Z","last_seen":"2026-01-10T19:43:01.824035Z","times_seen":6,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7020/12.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signa
ture_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7020/12.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10674\r\nserver: cloudflare\r\nlast-modified: Sun, 02 Nov 2025 06:07:33 GMT\r\netag: \"6906f525-29b2\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rif4osnbg8bvEs8sP%2FB4dICY%2B%2FWkNRxf49Zrazf5J3SOHVdePBPCvBdDk09B04yq5uSYZ57FTRu18kFOoNeJjjykm4RZTPe7R4AifraSR5y82yA%3D\"}]}\r\ncf-ray: 9a6e23f7ba2d783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a 
web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10674,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"01b0950ae4707ba3afbd4be93bf99301","sha1":"56ca68bd7eb647a1c6811aaffdfd5936247c9847","sha256":"624f8db69eafc272ff85bcd5654ed4765906010c287528637096c602d49cd1e5","sha512":"c7b07d474323d567b69b59f1ce3f11a07282cec8ae42f8c8e8ed9a4df927870181fc716f4b9e54d027a6528e1abe826df636ac12f50bf69efe5accc339462bd1","ssdeep":"192:xONyq36AglB4awnXKAmk5znbrFGU/wVX6Lu2kXQI4er72FMU49a7ZD2cK2fKBk:xsOlq9KAfdF9wVqLu2kXiev2xLJXrKBk","tlshash":"8022afa7551223f0bc3fa9b6ae164e03cde59eb17795918a1de4c393f2d84c1c8d059c","first_seen":"2025-11-30T23:32:22.153767Z","last_seen":"2025-11-30T23:32:22.153767Z","times_seen":1,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":332,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery"
:null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7309/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7309/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9991\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:27:17 GMT\r\netag: \"69299525-2707\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: 
{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eFqa4xUZ1RNjttPX51j3MICm%2Fk5vpE3dD9c4f8xkq04hRVs2NEu0jbTLWUm5SH0IMGIvKTPAGBncAL%2FnO5V9Q81X8aG1%2FFclCwg9JbvUP%2BZEb6o%3D\"}]}\r\ncf-ray: 9a6e23f7da6a783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9991,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"bcc83e06a77402ae551cb1b8b52c2205","sha1":"d2e237d40d96045468fb12ac6bbc077fbbdcd929","sha256":"414081376a500616f2ec38a5d007cf6a8ea6da4a9ff6b5271a58c9b52f76f1b6","sha512":"37d1ce41e12c499fd4ff9e1aee88c8b9cabbe646690f4651c243f71e6c19bd9c3b809306390301ab36f7e44713d7e13eeffab6d78796496740202fd2a82a510e","ssdeep":"192:xW1Lmm7F3Z4bzX1Aa8cHgEDkrVS/uwhEmeTfy8iHV4K08ZgNwF1P4z4DSa:xW1Lm7maDMA/9ENbQ0zNCN4OSa","tlshash":"1c229f457bc251fbf51365f9ead1ed1a07cb5b917c859d68ebcf1100c00a6d4974cc49","first_seen":"2025-11-30T23:32:22.15495Z","last_seen":"2025-11-30T23:32:22.15495Z","times_seen":1,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7306/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7306/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10116\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:15:03 GMT\r\netag: \"69299247-2784\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MeqOFif27guURtjRsPrXBpmnZVfatYY57ADDvaJByVKvIYnzRnLxdK7NYgXX7CqnaaIpWrI%2FPOLmf1CNtchZVRKdA%2FdEjM8vsWpg8y6Yu8Rk98A%3D\"}]}\r\ncf-ray: 9a6e23f7ea94783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":10116,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"9adcf022c0ae613ed8da596353bafc29","sha1":"aad838c733c82ef911b82f828cc4742b95bcea61","sha256":"954c38a165168e6e7a3036a9b4654501f44be2c8b2b8b0e196c04f1e2c5ebe90","sha512":"5e61040818a9ff2f9c309cabe02da1fbda7492a715b68fb6ca42afd24db5daabf7a597f398acbecf1ad769f822c27b4a2c86432bd96a8d0909fd90c4f4d0e597","ssdeep":"192:xTnQ+KghEW56JG9J61kxnARd4wFgqGabHqc4a9pRPkH/sGbGm1c:xTnQ+KRW56NWtAR+wFdKr+pRsH0GHc","tlshash":"8622bf6a8dc02ec47b36692ca4882ec6d0f48744f86528da7dd24af1c75121967d4f7f","first_seen":"2025-11-30T23:32:22.156236Z","last_seen":"2025-11-30T23:32:22.156236Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-RCPYBL52QP","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.25
0.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:33:43 GMT","end":"Mon, 19 Jan 2026 08:33:42 GMT"},"fingerprint":{"sha1":"4E:9E:D1:61:E4:7D:C2:8A:B6:AD:D2:31:C7:07:01:E4:DB:A0:A7:A9","sha256":"C5:DD:D4:CA:97:B7:B5:8C:B4:99:E8:56:30:AC:1B:F0:FD:7C:5A:FD:19:ED:13:D0:27:D6:0B:76:C7:C7:A0:66"}}},"request":{"raw":"GET /gtag/js?id=G-RCPYBL52QP HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\nexpires: Sun, 30 Nov 2025 23:31:49 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 134581\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; 
ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":392826,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"9d2f121d46a72b0b444d6edabf7a056e","sha1":"173302193865ec84721c6b1cfbd279d0e3e175a9","sha256":"609b51d96bb514c48632edf0e96958beb64f376a4b610a76c251e800fd604b18","sha512":"65525005948a96f482f49306286d274a858f6668f456b47c29fe27c9ab8e2c2ab58afa57ceb38c35d63fab4b4db5ce8d800f677ea06adf9684afd13d1b9bf5b3","ssdeep":"6144:+PBUKitJeUI2XVUULUVWo6O7GQEO7R2lfoOr+3X:qDi2UnVUUtO79","tlshash":"a88409ce73d674265396f478502f018ba57b28a2f44cc899f189cde52e70a9a4277f3c","first_seen":"2025-11-30T23:32:22.157063Z","last_seen":"2025-11-30T23:32:22.157063Z","times_seen":1,"resource_available":true,"data":null}},"time_used":630,"timings":{"blocked":213,"dns":57,"connect":8,"send":0,"wait":32,"receive":26,"ssl":290},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","
organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wDNRQlXCMBYqq9aWF0VQqPpeP6CRtXrWNNDzy%2BH%2Byi4K6k4Bo4bvDIpn19ZRyU93AsNa1O%2Bbeg3FQEhZBubK9hsNpSJbrG33kF9UENZuvAo%3D\"}]}\r\nage: 3274540\r\ncf-cache-status: HIT\r\netag: W/\"675af4e6-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 9a6e2403e87b3181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network 
services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-05T10:20:01.401822Z","times_seen":8764,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, 
max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8cW9cbWq32DDHLyByb3qH%2FzCDBF8RwJW%2F1tLWrfNLsjbQCVaKkGRqzmcTr%2FltpqjNrXQuGuiFNu9O8Q2k8ywhDUH31gyhARNllI8ZYwf5hI%3D\"}]}\r\nage: 4988061\r\ncf-cache-status: HIT\r\netag: W/\"68b9703b-149a0\"\r\ncontent-encoding: br\r\ncf-ray: 9a6e240408bc3181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-05T10:20:01.373728Z","times_seen":10422,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":6,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/703/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/703/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 8876\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:06:05 GMT\r\netag: \"67e4420d-22ac\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XA6IJ1sULPgOTZ3PumfTBYULheRJQDXUPNLK5fNAP42p5kKPxEQ5unQdVB8jLZ85IISeZSnAV2W7cnWLqGE7RFw%2F6IQFszThleyD5ezQSvMcLP8%3D\"}]}\r\ncf-ray: 9a6e23f7694e783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8876,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 256x144, components 3","md5":"ce9570b50194d386365d5e0cfc7d6649","sha1":"31d59a3e25d3db141e60865fc6440666967a7e5f","sha256":"1516d4cc33a8f62c6d06afedc5d512e97b49cd6078693f02754e7654211f7db0","sha512":"76fb2416a782712e0adac8545e484b8c7ccf35b36cb96b688a122668abbb9c773f6cdc64a9bcf8c91efed3ab8f3b9bd8fc26985fdf61c55bdcb844d822967037","ssdeep":"192:BQgY9k/MGfgSJxILdznHQ6HGzoAeGiGRPtkdUzxAmtdlV:BQgR/9I5znEzKGhPtfAmXj","tlshash":"b602afdf382203e5bd2e459366689f5f23d909c827c22b27b7f112a483a381e71da750","first_seen":"2025-05-26T17:14:11.021129Z","last_seen":"2026-01-10T19:43:01.78433Z","times_seen":6,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/sbar.json?key=964f5885584fb9f9ad0858325aa50535\u0026uuid=dbf6f2fe-a0ef-4a72-a135-dd105abb7ab0%3A1%3A1","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /sbar.json?key=964f5885584fb9f9ad0858325aa50535\u0026uuid=dbf6f2fe-a0ef-4a72-a135-dd105abb7ab0%3A1%3A1 HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:50 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 3910\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://www.empressleak.xyz\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=dbf6f2fe-a0ef-4a72-a135-dd105abb7ab0:1:1; expires=Sun, 07 Dec 2025 23:31:50 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 01 Dec 2025 23:31:50 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 01 Dec 2025 23:31:50 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Mon, 01 Dec 2025 23:31:50 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Mon, 01 Dec 2025 23:31:50 GMT; path=/; secure; SameSite=None\nu_pl25810879=1; expires=Mon, 01 Dec 2025 23:31:50 GMT; path=/; secure; SameSite=None\nslec964f5885584fb9f9ad0858325aa50535=[6308898]; expires=Sun, 30 Nov 2025 23:31:55 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 216\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: cb96529e95c15fcf5814cb38183edfb1\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5889,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"8d0f2168c065f637fc99bddb0e53673f","sha1":"94f5178c62faf6181d8ece4ae73fcaae0eae8abf","sha256":"783993ae59b4258fe530a545fdf00c680e75b558a226a7e7b937cc6d03b6cf88","sha512":"b3d60b6a45d234e0e344da4c157cccfd6af24e11d2dd5b496ca99200b05f1c9bc4754e5dbc7fbd98b36869edbd390a2248fc4e9f2935deec378fd93721c1170d","ssdeep":"96:9u8zxNhgPnSlep4EhRgt+TlUWWNWDQEi5/eZvlh38SEDyFfisPU1K7UnuSlz+nP:9Zz+/+e4EhRgWnWNWDQ7/ohMSEgPF7U+","tlshash":"03c16d657854f732d38a0c088e211ce98c947f3a59e0c8a8f5373fee07ab5d469850b9","first_seen":"2025-11-30T23:32:22.160303Z","last_seen":"2025-11-30T23:32:22.160303Z","times_seen":1,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":309,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=482","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=482 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: 
uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971162=1; slecc0357ce07e8d73dab31372a114d5762a=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7320/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7320/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
17438\r\nserver: cloudflare\r\nlast-modified: Sat, 29 Nov 2025 01:07:52 GMT\r\netag: \"692a4768-441e\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BanlGMjySFxB1q%2FgC30YHf2rBSqLyzaqgEPkmonFVISPl9qn7BhwaioG2Ey1%2BC%2BwvG2VzgIn4a7wduP406VIKB6YGs9xOksuJW0uKW6Dvil6CgM%3D\"}]}\r\ncf-ray: 9a6e23f7ca3c783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17438,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"fbbf6347c061d030daf1c7d1af3c22c5","sha1":"619e3070023072f5a7b9d4bcff5e32b10442f1fd","sha256":"5ed410e2fe8d4e7edcc531a0a8f24068c7780bb1a8581569f8be4caf071874e1","sha512":"7b517f337f2327cb97a5df9e228ecadc40ec2167f035c2127081404c702c764d9bdd82766a83807b057172836a468cc8ea41825217602350115ddfee347bfae2","ssdeep":"384:xnzSac1x4wG6Od00cckFCMO96jf170K/PVja9KuT:xOvrJmkFr177PVjaE0","tlshash":"0872dfd0b2a914e4f8de00137c269ce27acc6dd92904a1d33dfa56968625eceb066e74","first_seen":"2025-11-30T23:32:22.161085Z","last_seen":"2025-11-30T23:32:22.161085Z","times_seen":1,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 
GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:49 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 95cbdd9c81e54f6d63066b767e33f299\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web 
servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-05T10:51:43.056466Z","times_seen":13260,"resource_available":true,"data":null}},"time_used":205,"timings":{"blocked":73,"dns":1,"connect":17,"send":0,"wait":38,"receive":18,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=c0357ce07e8d73dab31372a114d5762a\u0026uuid=9dd00c19-9acf-459f-9943-74cbed3d20fd%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /sbar.json?key=c0357ce07e8d73dab31372a114d5762a\u0026uuid=9dd00c19-9acf-459f-9943-74cbed3d20fd%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 3852\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://www.empressleak.xyz\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; expires=Sun, 07 Dec 2025 23:31:51 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 01 Dec 2025 23:31:51 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 01 Dec 2025 23:31:51 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Mon, 01 Dec 2025 23:31:51 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Mon, 01 Dec 2025 23:31:51 GMT; path=/; secure; SameSite=None\nu_pl26971162=1; expires=Mon, 01 Dec 2025 23:31:51 GMT; path=/; secure; SameSite=None\nslecc0357ce07e8d73dab31372a114d5762a=[6308898]; expires=Sun, 30 Nov 2025 23:31:56 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 216\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e6e07965bee8c43969ae6176c6a505a2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5849,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"5832db4118460168e11054e1446f593b","sha1":"b48bd2a4aca14bc7cf9dd62a2eb9f5e5cebeb563","sha256":"ac887d4fb2e1fc5ea423f4a476952c1ffafb3021df0327cff5964cc5033cf69b","sha512":"63dba17ec7425ac41020b42033c848dabb303b8bc4b058df2b3d6c71dd5b0c27c9f2aa086be68add55705d8473c226e82a5d3e1726cf48041bc624b61e6d06ca","ssdeep":"96:9u5S8ynNH5opTWCbHYc00p7nPpcHHAiOH5opZxUxkhlwqXY8+gD:9Y078TWQ4c9xPpZia8TUxkhYz0","tlshash":"2dc17b93734c18a19f9a85187960adfcddc8d9cfc8d550d0c8e2637f076d8948b46af8","first_seen":"2025-11-30T23:32:22.162531Z","last_seen":"2025-11-30T23:32:22.162531Z","times_seen":1,"resource_available":false,"data":null}},"time_used":936,"timings":{"blocked":308,"dns":15,"connect":100,"send":0,"wait":319,"receive":1,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=9dd00c19-9acf-459f-9943-74cbed3d20fd\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=964f5885584fb9f9ad0858325aa50535\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=9dd00c19-9acf-459f-9943-74cbed3d20fd\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=964f5885584fb9f9ad0858325aa50535\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: 
*\r\nx-envoy-upstream-service-time: 0\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 701ecf7701f5ca6ca64c0eb05817fcd1\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":875,"timings":{"blocked":388,"dns":100,"connect":96,"send":0,"wait":96,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi 
Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/templates/frontend/dark-blue/js/jquery.main.js","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /templates/frontend/dark-blue/js/jquery.main.js 
HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Jan 2020 20:35:04 GMT\r\netag: \"5e276078-1b45\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nage: 5406\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YfYp3u8GGVlw9RGsY0vZ9pEgAjnHX3GZMGtjEGtZEyV2gD%2FkY06mJ5f1lGEdFnVYSaeeAX3Dtbzb8hXde%2F2CjaYCOq%2BrVDREpifxFIJWDJ%2Ff5qs%3D\"}]}\r\ncf-ray: 9a6e23f80acf783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6981,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"b644de1964da84e658427eefac4d6a7d","sha1":"31ae41c6a1fe2bd9cabd27672d9c1f2f3842165d","sha256":"bc624d5946daa2e2c7ac3cf7dce07527637d5fafdc2b66c75a36be7f5dda0c85","sha512":"11a71a0ccc7ab9addb2c8f50fc7d85a751cb2300ec210f09200f2762d5760049d41c039fa9c7c329f25c806edf95d383035ab9d04141a95ad3652e8a84ac7412","ssdeep":"192:K5hjaJvkdwRhjLJvmdwg6jWFVDt8S9Oy8vS:K5oWClw4e87pvS","tlshash":"cde12f44f1993baf98b7b3bd4abf37476b2cc8b3c201099c7972045e2b64c60275664e","first_seen":"2023-03-07T01:43:05Z","last_seen":"2026-04-04T21:34:36.066402Z","times_seen":202,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/24/18/2c/24182cd4e6f42aedf1491fdd2c696f03.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /24/18/2c/24182cd4e6f42aedf1491fdd2c696f03.js HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:50 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 
1\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 41e67e0aea7b2da44a863379df06f858\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line 
terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":377,"timings":{"blocked":-1,"dns":1,"connect":91,"send":0,"wait":95,"receive":1,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 13:25:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9935a-18f3\"\r\nexpires: Thu, 
31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jcVbNCZJIlFBDXtQLduV2YwYAwT7%2BFQdaxZyt3ASCtHTFbhBvrIQKmXXtvxxNi8ng0aaXcLDE8PLc5uJLPL%2BxluIf91r%2FtUyV0%2B7yP8%2BnpY%3D\"}]}\r\ncf-ray: 9a6e24074e783181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6387,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"20b72d2b5d691275f5e1f201c54208eb","sha1":"a8082db410892a8b50274eeb812fe58c04e5e407","sha256":"476950bbfeccfbd5ad93c5ad69d5192e62e9eb9e3e03dfc2447c98c7bb5634e6","sha512":"5702a11b753960144f8debcbbff5ad272f00543b6b8bd71a440fb28945bf4d81bd75cc1a08fa531e10efe8aa8dbcb6305dc882e12b8854ccb6f88b62dbeb934d","ssdeep":"96:1zlzMUmWCfICX6zXXgCfUKOtAYiY5mnM0pfiUpznL4OHBCHL+OCBhEkuCo1cCJ0v:LMZnincKOyXnMsIM0M9X4U4H4vFEa","tlshash":"ebd130a617650204740bd8563d126f17a3688053ef0fd9b86ed2244cceca6ce56f378f","first_seen":"2025-09-21T13:47:45.281723Z","last_seen":"2026-04-05T09:34:37.052777Z","times_seen":1621,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:52.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: 
nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 25 Nov 2025 19:22:36 GMT\r\nexpires: Wed, 25 Nov 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 446956\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T10:47:29.499783Z","times_seen":716431,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":31,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/categories/video/18.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empres
sleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/categories/video/18.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20590\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:03:31 GMT\r\netag: \"67e44173-506e\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=O8Nfy9%2BK91EP%2FIKVbyU31Q6CmxSBMBL7F79JKrRe4pc8gjTkElgEdETBw%2BxKQwQHrTVrCsnfgm3AY0uKbDXrgGCjbClAClpCQ7qQ3DHYR3Psgco%3D\"}]}\r\ncf-ray: 9a6e23f7798d783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel 
developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20590,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"b46b5bfff50a6550241bcab80ac56fa3","sha1":"05af65717f4e4d3e254b82c13225e817d833c33f","sha256":"e56a5ba36771d4217dba7db288435e46ce288a8a5ed0149ae24cc2e2a676cdd2","sha512":"ccf11d17454d4c8806b467abb1398227220cd015a944adbf5fe72507dbba8a286ca5650b7ecd4d1271a9bbcb11c4b3f5ba0b422887aed602c1ce4b24c6d60bbb","ssdeep":"384:5yqK7MmWiB+ItFCCHMY6P8DSDN1h/LhQiLh0hU0k5O4mRJMwZh:5ytMa+IROh1QC0hUj5VyCw7","tlshash":"7092d0ef1e1987f4bd99a4e374e70cd1c6da36159230964098f2d552cf124abf21e3c8","first_seen":"2025-05-26T17:14:11.004604Z","last_seen":"2026-01-10T19:43:01.861996Z","times_seen":6,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/images/favicons/favicon-16x16.png","fqdn
":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /images/favicons/favicon-16x16.png HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9; _ga_RCPYBL52QP=GS2.1.s1764545510$o1$g0$t1764545510$j60$l0$h0; _ga=GA1.1.518606631.1764545510; dom3ic8zudi28v8lr6fgphwffqoz0j6c=9dd00c19-9acf-459f-9943-74cbed3d20fd%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 897\r\nserver: cloudflare\r\nx-accel-version: 0.01\r\nlast-modified: Wed, 26 Mar 2025 18:41:43 GMT\r\netag: \"381-63143304ca06e\"\r\naccept-ranges: bytes\r\nx-powered-by: 
PleskLin\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Qu4BB%2BpuGmS7jEeWgmIvT%2F628zZ3cFycbq0tMafu%2Bp7Ph7SqKXlnpfZso2n0zKL5O337uPlhYbgQN1CoB%2BgEl4IiE9JguODqgdsEPidSp9uE9V0%3D\"}]}\r\ncf-ray: 9a6e23ff2f6c783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":897,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, 
non-interlaced","md5":"b99c119f474c9ebff61384e6b19257dd","sha1":"18b59d6b02b37934af4d8f861992734495a0c6bd","sha256":"b6946e074a7c4641fc08f8daf3a74fad88a30898c759be2cf7a7f96850fe95c3","sha512":"94b002191640749e08ba1eeec1a81765db280cb287947fe7999fd119e9045360f6836cc8be384ff6550430400c84e3ed3116ef470ed34f0c880f07fe1a9b90d1","ssdeep":"","tlshash":"1f11b7b7e20b50acaf4b42f3bcb1310085d318b4e0097898f0f5d4511c8ee8406a9eab","first_seen":"2025-08-24T13:45:48.513021Z","last_seen":"2026-01-10T19:43:01.822616Z","times_seen":5,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":329,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 
GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9703c-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uT%2Br1wtC6kZUyAJ0q99yOVEYgOk1OcjETdenck5G1a9jehw5a%2F0tPADdAOdhwWpHyIcEt2MxWaudqpIOzVrxP31fmAd2htCGO0sbs99gXqI%3D\"}]}\r\ncf-ray: 9a6e24074e753181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-04-05T10:20:01.382478Z","times_seen":5467,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/706/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/706/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11384\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:06:05 GMT\r\netag: \"67e4420d-2c78\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 
5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MXNxJJyKA5IRX9CE3fFynOzEC%2BKi6M%2FbM9t0FkyfZT2lruMdJjDBVSKVXHJ9e%2F7ZJMClSDw01UGfJurZWvvuXhER8EdkDY8MVJOOFldmR01sWpA%3D\"}]}\r\ncf-ray: 9a6e23f76951783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11384,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 256x144, components 
3","md5":"f8789c248dddc2a19d3ce83a40654e80","sha1":"4d6a3263cfd49de108ee7126c402920ba7b4d4ee","sha256":"d79708901664269d09ad2ad76a510a9b0b7f42ea59fc5099b143fa847445e727","sha512":"f74ecc5ecd4eb38f652d6ff5f121dace0ba518bf799d14b600d21e8ce2f6f7a68a2c612fe7342066fae23de547feff148bc329c9072d38953368f002b5771218","ssdeep":"192:B7gf3v0Hjskbo6SR2MEy/vzy0dWvlk181anyDqwZ+hSnZpBN7vGlu7xe/hH/JrVO:B7gfcDseoXEwvwN481zdZ+gnZ4lu7xe4","tlshash":"3b32bf899f95bfd4a93381e458cc1d7003ef0ad5adbcb10051c563a285d23ed6bcaad7","first_seen":"2025-05-26T17:14:11.023989Z","last_seen":"2026-01-10T19:43:01.794668Z","times_seen":6,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/5605/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/5605/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15826\r\nserver: cloudflare\r\nlast-modified: Wed, 21 May 2025 12:05:49 GMT\r\netag: \"682dc19d-3dd2\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QM53%2F4yMX5fT0cU780N20dVb6yVy6CcNb5vPvJbfsg%2Fcv0%2B8E7jPwPMsJA%2FLYXbF9ALsUVFTAOimez7Kz%2BhQzFrFi8%2B0EWLIX0vamDkTHWjHVxg%3D\"}]}\r\ncf-ray: 9a6e23f7a9e1783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15826,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"2ee420c6ec7787219e0e9b5d0309c295","sha1":"0e4e491bcc98b91a4fd24652ad55b969cf26e77c","sha256":"7a8808099cfe9305dd75d1607fecbe0d10a6209aba231e84ceff67d69e29534c","sha512":"78c8854581452bcea34cf0d4681e01a3add28dc23899abf295db8cda6df7160ff1ea3d6aebb9fd5dab22c172d1682b5e974601cb89abeb96c6a426bab29b402d","ssdeep":"384:x9fo/CnKlkVo516iad4cbI43AgJyjA2xd+j9ae56:x9A/3l2icfpzJyzXk9aV","tlshash":"0262bf40778289e0fe27057be1777c91eed702bfa670e79b81e7392491d06d68651830","first_seen":"2025-11-30T23:32:22.168192Z","last_seen":"2025-11-30T23:32:22.168192Z","times_seen":1,"resource_available":false,"data":null}},"time_used":433,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":432,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tl
d":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: 
{\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 25 Nov 2025 19:22:36 GMT\r\nexpires: Wed, 25 Nov 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 446956\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T10:47:29.499783Z","times_seen":716431,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":83,"dns":1,"connect":20,"send":0,"wait":21,"receive":27,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/704/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.118Z","timestamp":0,"http_version"
:"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/704/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7630\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:06:05 GMT\r\netag: \"67e4420d-1dce\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f979OM6IqxYBMCaNNgsOnUXd3bgDKEd1VBm8iDfJFzFUQDpVWs4gGHbUUEfhRkw6fKkdxQbOYujgTes5qdfNyQJ3WPy8mm5slBSEDJGM8m7Gup4%3D\"}]}\r\ncf-ray: 9a6e23f77986783d-OSL\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7630,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 256x144, components 
3","md5":"2fb58b69312503604ce7deb0bb76c440","sha1":"b68250246df135cdfa7d0f01bd70c095facf0b75","sha256":"ac0aedbfac527ba83485df3038a5bce23a504eead05a9ea38d5456029a5b1c24","sha512":"2a3116ac449f973f99ecce9bfe2bfb6fe0bbae51a00f8abb35894e9275e36c8b63c1fe6ff4f2868c988b2b42572038e2e9626c177fc105d3d8b676214634d8d6","ssdeep":"192:BOo0BOA5ZcRu1pcvDXF3PH1R19FluW7ID7hjn98:BOo/QuU4XF3J3luW07hR8","tlshash":"c2f1afb6e69d87d135238bcef563cce1c6fc910322e181099dfb4bd8858865851bce4c","first_seen":"2025-05-26T17:14:11.041061Z","last_seen":"2026-01-10T19:43:01.80749Z","times_seen":6,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=151","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 
GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=151 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":738,"timings":{"blocked":322,"dns":30,"connect":94,"send":0,"wait":94,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=526","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=526 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: 
uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971162=1; slecc0357ce07e8d73dab31372a114d5762a=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":38,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Thu, 04 Sep 
2025 10:55:55 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: br\r\nage: 4988062\r\ncf-cache-status: HIT\r\netag: W/\"68b9703b-149a0\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=05HhQiKqEPS75vTlaq5CKBRjpJuY7CWOiVewP3PmiNR%2FwG0IA%2BwF7IL293jpjKpl0oYT37moBx9iw4K2P2XXqLOgJgR7QYbo%2Fi12SOFw\"}]}\r\ncf-ray: 9a6e2407fc9a5699-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line 
terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-05T10:20:01.373728Z","times_seen":10422,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRSuzuawKKKuiyeFQT2suJl0T3dPZtxDNMZIMJuEJBLQi9Vd1ZNyerp6q7qnJ3MKBmS9jXtywUPnm2TDavDHHyC7TLwFhO09LDlsEBY8K8qeZSYDiw_qvVd8BfV933tf7aVnxEZKT1evy64IQzrtls3SlU0RMZnp0vJGyTLL5rXSpoiqzrVSZ5hU-13Ldsrm26WPuN-U0xXTMk3LtEoLQvFAdqZHKER8VLfKdbPsVMqW66Cj_n_XqQFNDbD2GbkEwYoXnwSfQfgDRK2f57luJjK--mErDWkiFdrs8JOoGcksQutZGygDQXQ4fg2pC0K-nYCMDscKINv7QwXwREEmXn0MLzoc04TXPjhn6oXgETz2PLL2ADwcQNABfLkLwR4QwGdYXkHUurMsVUa3z1E6RAsy-fQfiKwgk48vI2r9OBeKTmldhmkiZKTRCXKIzgCiMUCcHiPpGhDZMfzkSwj2O5l-uoSotb-iQwnBTt9iXlANKgGfoiYPphw6U5milu1OMWaZLvW8GeqZI4tEMADVBtLhEQbSwEAaG2ix05Jj1hzfonY1qDN_xnSo4zDumfVaxTRp3Z9B6g-595DEPfhhD77aQax20BS3HriXCkIerUOl96G3cmhmQCcEbZYj4wSZJsgoQSYIsoQga-cHLNQVnd9hoU49a1wr42rnfZk09uiBTBo8IqCqB8XyfRHf0Lvwkwv9bqBZXw4T9ZK8Tz2W78Vn5OWhvcbXj-6hyU9L9aoTuLWa69acwKsHdcrMmluzKy6lrunaLrTIIfTEyJSuKIiz-jdiUZCL7E149Bg6PIYvXgJNXwfNctCtHN3oJ96KFdc65LRZ7mx3wWSOOJlEsm3shWfklf7axtz90aA_n38D3D957wX26WtHFy34KkescnwhfiNohDf7azIj-2sy0-SXlTgRLdGlwyVYT2jCJ7__mG9nUrHFed27-74_BIbt0QbXyRKNmIgamvwwJxjjakEqn5NfF_Um91ZTvTWXqiiNl1Y_WFg8ZytkNAAVBXnuu3fgi4JcvjI7WnD33z_gxzvQ8cnsE3sU0JLAiw2EoiDXb91AyE9m796-nRNigHo5NH-myeMn9_4io9jTN9FQBmiyi6iVo61ytMMcNOxBpxf6SaxOZh-O__BCo--Fytj3QhV-c-6VFqelwOYV3zRrM1XLrgXcsh3mB27NqbMqNW2bI9GFuPrwz_8CAAD__0kROR2HBAAA","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRSuzuawKKKuiyeFQT2suJl0T3dPZtxDNMZIMJuEJBLQi9Vd1ZNyerp6q7qnJ3MKBmS9jXtywUPnm2TDavDHHyC7TLwFhO09LDlsEBY8K8qeZSYDiw_qvVd8BfV933tf7aVnxEZKT1evy64IQzrtls3SlU0RMZnp0vJGyTLL5rXSpoiqzrVSZ5hU-13Ldsrm26WPuN-U0xXTMk3LtEoLQvFAdqZHKER8VLfKdbPsVMqW66Cj_n_XqQFNDbD2GbkEwYoXnwSfQfgDRK2f57luJjK--mErDWkiFdrs8JOoGcksQutZGygDQXQ4fg2pC0K-nYCMDscKINv7QwXwREEmXn0MLzoc04TXPjhn6oXgETz2PLL2ADwcQNABfLkLwR4QwGdYXkHUurMsVUa3z1E6RAsy-fQfiKwgk48vI2r9OBeKTmldhmkiZKTRCXKIzgCiMUCcHiPpGhDZMfzkSwj2O5l-uoSotb-iQwnBTt9iXlANKgGfoiYPphw6U5milu1OMWaZLvW8GeqZI4tEMADVBtLhEQbSwEAaG2ix05Jj1hzfonY1qDN_xnSo4zDumfVaxTRp3Z9B6g-595DEPfhhD77aQax20BS3HriXCkIerUOl96G3cmhmQCcEbZYj4wSZJsgoQSYIsoQga-cHLNQVnd9hoU49a1wr42rnfZk09uiBTBo8IqCqB8XyfRHf0Lvwkwv9bqBZXw4T9ZK8Tz2W78Vn5OWhvcbXj-6hyU9L9aoTuLWa69acwKsHdcrMmluzKy6lrunaLrTIIfTEyJSuKIiz-jdiUZCL7E149Bg6PIYvXgJNXwfNctCtHN3oJ96KFdc65LRZ7mx3wWSOOJlEsm3shWfklf7axtz90aA_n38D3D957wX26WtHFy34KkescnwhfiNohDf7azIj-2sy0-SXlTgRLdGlwyVYT2jCJ7__mG9nUrHFed27-74_BIbt0QbXyRKNmIgamvwwJxjjakEqn5NfF_Um91ZTvTWXqiiNl1Y_WFg8ZytkNAAVBXnuu3fgi4JcvjI7WnD33z_gxzvQ8cnsE3sU0JLAiw2EoiDXb91AyE9m796-nRNigHo5NH-myeMn9_4io9jTN9FQBmiyi6iVo61ytMMcNOxBpxf6SaxOZh-O__BCo-
-Fytj3QhV-c-6VFqelwOYV3zRrM1XLrgXcsh3mB27NqbMqNW2bI9GFuPrwz_8CAAD__0kROR2HBAAA HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: uid_id2=dbf6f2fe-a0ef-4a72-a135-dd105abb7ab0:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25810879=1; slec964f5885584fb9f9ad0858325aa50535=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+1c41edbfba09cf3b6ef2a9ab59dfdfc2=6308898; expires=Mon, 01 Dec 2025 23:31:51 GMT; path=/; secure; SameSite=None\niprc_l:6308898=1; expires=Mon, 01 Dec 2025 23:31:51 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 3\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7879e6719cd4c968fd94c18610e60ccd\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 
DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/categories/video/31.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/categories/video/31.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: 
AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23350\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:03:31 GMT\r\netag: \"67e44173-5b36\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5454\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=x08TIvH9qBbO6JDMH1wOfD4imuKtZRRu1Oiit1%2FXaLiZny2YwvFm16EemDHdIdc5mKWLPv%2FrOlfo4prdHWTE0e1x3ocxQ%2BB5XCAr7MV9fkTpht4%3D\"}]}\r\ncf-ray: 9a6e23f7799a783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23350,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: 
gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"1adffcb162f0b0103e5de80d09224c42","sha1":"b90ec92b798e0223e069671e876180d2fefc37e4","sha256":"01024fba4e171f55a38aeb9205385ca79bf5676af886f01294e61c2190c13212","sha512":"a8883bcf81708ea71416caaccfd8712c36f68abcaa720f6cb3849a439ff1c744546e91bd72c0f7c0659780df63a7d1dd3a1e666a6f9df3f39bbcabb9ddaf5665","ssdeep":"384:5c5/ZAYa1hugWnTusn8E3i/+1uXQk6vo2D0JCVsOqqZkFAWO1yx+:5c5BJa1kgZsn8Ec+1uX36Ar0QnmWx+","tlshash":"27a2d0326bdaebd4f1d0644e928e5e64d5ff2c4281cbf419c2c590539b76e4804f5a8c","first_seen":"2025-05-26T17:14:11.030837Z","last_seen":"2026-01-10T19:43:01.848147Z","times_seen":6,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7304/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7304/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 8136\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:09:17 GMT\r\netag: \"692990ed-1fc8\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bc7YPttUt%2Fk4G0RowkFTvIVnnJTLYuBGCYMRjcr50lgsDxfVDCG4%2B%2Fum6RRRajBh2vpP3E7OibEW0tIHzvNIZhILLCTPArfCl5U%2FRCCB1nHsQHs%3D\"}]}\r\ncf-ray: 9a6e23f7fa9f783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":8136,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"0b1cef1cf758bbf27cb520b7ae406329","sha1":"298d8796dff998ee92caaa7395d868f960a15adb","sha256":"7e5d8c17616395b4b5b9e275719918e3e3ae8b25610331ae77429985cdff05f1","sha512":"9aaa8ed217a15467329ce4bb48e790771baf04a7ae5cefd37ff8eb935e9283c3caf9b8975cb41031b127fff8b4829ecf4359bd91681f1a51b39ab6591026fdd5","ssdeep":"192:x824Z93uj28NJlgtE87pvaWyt/gRKqMCjPV7IeTYTnUA:xDwK2eoe87lSIRKqcRnT","tlshash":"8bf19eee258083e1f88ae3f0d4370c18cfe5690916a9df5b70c871f146655650dcfb6a","first_seen":"2025-11-30T23:32:22.170612Z","last_seen":"2026-01-10T19:43:01.854309Z","times_seen":2,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/3965/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":1333
5,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/3965/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14423\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:06:03 GMT\r\netag: \"67e4420b-3857\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5102\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hS9vCxhf6UWykvsTkamqWvXp29YtRxWIIVsH7FwbC4nqR4Ym45VDZ5e9LE8TY2jZuNwIzNt%2FlgZC7%2Fp1pVbVlUX81x8%2B2uciRvVn%2BE3DeAx5jPs%3D\"}]}\r\ncf-ray: 9a6e23f7a9df783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14423,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"6c7c6a19a5a4b2df0a7c2fa726c5dd1d","sha1":"be5e51e46bb0a4a09ce785c069ddea731fdaaf07","sha256":"3d65bb6d2af2166f25d7806da1943a31fc33afcfa92b83ca3760b694e2568392","sha512":"df7f4d86adc3d54187994fcbf04fcf8f7d9b16d86afe78f98246d22d78d3e88c46433feb34516645057055589c627dae9d47cba8a3518328c35122a00b6b2984","ssdeep":"384:xbVCuGo/GHkKy0t2UXLXhO+QTG9R12CCR3I9H9:xRhGoeE8jLxOGmR3If","tlshash":"5b52cf2fca3028f670e78af56937eca407c21191bca43a0056ead2c0d56e86df599f0d","first_seen":"2025-11-30T23:32:22.171413Z","last_seen":"2025-11-30T23:32:22.171413Z","times_seen":1,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/5954/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/5954/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 8756\r\nserver: cloudflare\r\nlast-modified: Wed, 02 Jul 2025 10:45:29 GMT\r\netag: \"68650dc9-2234\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UP1cMFb5JDGFV%2BtmDRSGNnePp4ox2vAU01YNKDjDxNrNMSvCErY16DtEd1RVfHbRej1E0TG0IGdfR5%2BgFuq4oA1ay0djtEV5mktg2XNoiwZocyY%3D\"}]}\r\ncf-ray: 9a6e23f7aa08783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8756,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"a6c86fe0e8a8a3536b14ffc1ae691710","sha1":"88ceef3dbc2b2814b8b64fecf22276bea1df7a43","sha256":"c9d2fac43d7e33e26faad9afb9135257ea0d1352c95584f0c6ae0c907d7bb56b","sha512":"5836b1d69b5b992ea366aea49dea0efa1464620431f63c047d319dfd81e44811130e405c928a163ad4571186a66c99b2d4c53e371883f704c2a5940875eb0013","ssdeep":"192:xxtJrn7q2RVnD+vSXe8Mu1j1aeVwEi829Ibi61A92ZOcJzf:xrlnhHn/ufk3wp92p1dZBJzf","tlshash":"7302af4a37d343d0f72951f047badd64a0e75ddfa2e061151b95a232ee32fc9884bb08","first_seen":"2025-11-30T23:32:22.172207Z","last_seen":"2025-11-30T23:32:22.172207Z","times_seen":1,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareins
ights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 22 Oct 2025 06:18:58 GMT","end":"Tue, 20 Jan 2026 07:18:54 GMT"},"fingerprint":{"sha1":"C7:F8:82:22:3E:BC:9D:F4:7B:0A:EF:A0:EE:C2:C2:D1:34:7E:55:1D","sha256":"EA:85:37:F0:6A:CB:4D:61:4B:3D:2C:58:4B:FF:E5:CE:3C:33:94:71:D8:11:77:5A:C1:99:2F:94:1F:D2:FD:F1"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9a6e23f88d2456b4-OSL\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-05T10:46:39.818593Z","times_seen":330370,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":45,"connect":1,"send":0,"wait":14,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"use.fontawesome.com/releases/v5.7.2/webfonts/fa-brands-400.woff2","fqdn":"use.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.67.142.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":
{"commonName":"use.fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Oct 2025 03:19:03 GMT","end":"Mon, 26 Jan 2026 04:18:56 GMT"},"fingerprint":{"sha1":"33:ED:5B:34:BA:AF:AF:80:58:92:84:39:09:81:C2:1C:F2:7B:1C:61","sha256":"F2:60:62:61:00:2F:5B:44:3D:71:67:60:E5:36:87:F9:BF:1E:D6:39:B2:E1:C2:20:E4:11:6C:79:74:03:6F:DD"}}},"request":{"raw":"GET /releases/v5.7.2/webfonts/fa-brands-400.woff2 HTTP/1.1\r\nHost: use.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://use.fontawesome.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 72112\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d4D6hdQNnEznEGQizXY6pSR%2BfsXIZNey2sXvqLWFkVnKiEmXDz%2FctKCy%2FIhctVCOH5IccU7I23SvBszJqGmCAqocL0B0CyudCcB75mRIP2FQ\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31556926\r\netag: \"4b115e1153a9ea339d6a0bb284cc8ed3\"\r\nlast-modified: Fri, 22 Sep 2023 01:45:52 GMT\r\nvary: Origin, Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 84302\r\ncf-ray: 9a6e23fcdaa27129-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and 
website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":72112,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 72112, version 329.31064","md5":"4b115e1153a9ea339d6a0bb284cc8ed3","sha1":"f988b2efe9434b0af28943708d33dd3afad9a5ba","sha256":"d5f471476e1636e23b00991ae8a85d3703ada55bc6d6162472a28aa94fa64d4e","sha512":"c7a8e9341f5194d2c8dcaadaabb42d6b025433e79b5bfef680f06d0d8e3674e3c00b1a669207d4809e202e24ad0f7ffe702a674be32ea01862a09eb0ea21baad","ssdeep":"1536:bF9XCilr6kyJsCue+7zQhNFepcW90fAUQiyPEM7XTVDW:pZBlmkyuW+YfFepcW903W/7TVy","tlshash":"216302eaf6a0885746db10ac317941dba2db2db91e92d4e00187968ddb130c2fc16fb7","first_seen":"2023-04-11T01:51:17Z","last_seen":"2026-04-05T10:22:42.833207Z","times_seen":1636,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:52.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 
GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 25 Nov 2025 19:22:36 GMT\r\nexpires: Wed, 25 Nov 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 446956\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 
2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T10:47:29.499783Z","times_seen":716431,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":21,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/categories/video/24.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/categories/video/24.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) 
Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19111\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:03:31 GMT\r\netag: \"67e44173-4aa7\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5454\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wdU1axsfI7C3%2BxMBG6KyKrI7FTV8aKnQrLmBhz3jsIuDFXi6P5q71K5m7yZftCJ26LLv2APdnVXJ3KBtGpYwAIujjRRqTk9o0lmgj%2FWaOKRoCeA%3D\"}]}\r\ncf-ray: 9a6e23f77993783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19111,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"e1e83f289c0aa0e4a9ad22d877e5309a","sha1":"e3e38a59f536ace2d94aee12cb4c6a27523a90fd","sha256":"fb7000edf2a49629d4fafda3641fd3c67da94aa3318ef5bf6605c096007ae927","sha512":"471b415b5def5a83f7fd72fbd32967575075d4f33114f574aedb83004f316b792d03065efe8877fd1771850f35a9299a6063cea9413dd0a96940d39b8335cf0e","ssdeep":"384:5mdtxx91M7DgavAdyZnkUTc6lDOtTWJAEonLY/kIEHWq8:5mdLpM7DLvY4kuc6+WGdnkSHWq8","tlshash":"4b82d1b684fb0ad7bd9144a584c5ffb8c0fe3126f48d167465f2250ec6cee0aa52e2c4","first_seen":"2025-05-26T17:14:10.978615Z","last_seen":"2026-01-10T19:43:01.83757Z","times_seen":6,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7317/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-
SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7317/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13430\r\nserver: cloudflare\r\nlast-modified: Sat, 29 Nov 2025 00:56:59 GMT\r\netag: \"692a44db-3476\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ozaUYKmk8vaeCINwUr7BiN56x35RcsbtoloCA3ZrGgvqKyyiO58gluXfCwzFLC7TTSoN9IO9d1dCHjhfEjS5Uwg1L54CVjqoiYN9IhGgt8w9VwM%3D\"}]}\r\ncf-ray: 9a6e23f7ca49783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server 
data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13430,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"11d75afbb315533143b488868a3ebee2","sha1":"c7312c0ab71d328e0525527485f6e538741e37d4","sha256":"3f8a545c4288e6b33e875801e8f664cbe05aa094831c65c0a40395c35f17324d","sha512":"0f544bfb19634eee8fa5465330cf4f2ae74230f4296057b20dd293fb2ea6c46db2d6947584ab24e7b99aa14db9abdcaf785c975a809ec90d5586303e3af54e00","ssdeep":"384:xKeqXoVXaaYc1IOpLybLFSdq8frX+FyvE9:xKhdcc8RfrXA","tlshash":"5652c06d70a98fd6f40b867af0630c87becc9a930d8527b125d25a16c454ef6cce861c","first_seen":"2025-11-30T23:32:22.174736Z","last_seen":"2025-11-30T23:32:22.174736Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos
/tmb/7311/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.219Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7311/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10248\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:32:11 GMT\r\netag: \"6929964b-2808\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7003\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: 
\"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4XDQ9m6Yz2iTAzeCASSXdF2aPPGvmGt%2FaPBuVb4Qwd648a9KIQabtEvkhtH1OrbYMeDqpf2plHcAWZ7gsKcaVls7rZTnDR58TbOGJ04NvXOOL70%3D\"}]}\r\ncf-ray: 9a6e23f7ca50783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10248,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"921eaafb7682d2bd3ae07c968c8c2f39","sha1":"026b72c03f5545f7bb0c7aea1dc180ee0b2f6f6a","sha256":"b36d7d523905978404c6c30d9ba96acaff582c2c70be219ce7a025801076dcea","sha512":"5e1890c7842569c12058af1a2a58155505983e4e80968c855efa1c72ff3b8d860d4a3c61d4477c7a08173f9c50cdd10688ef47737f9ef112e66eb9408396c879","ssdeep":"192:xOjb1PWcm1JrtbRxIVpQupyqGtFig72Mm9mQKXQluwD0NY6:xOjb1ucmPr3GVSsyq4amTQliNY6","tlshash":"4422b0470f6592f23d25010652287e84fdf48d68b2cddad87fd32f84983539cc8e9945","first_seen":"2025-11-30T23:32:22.175534Z","last_seen":"2025-11-30T23:32:22.175534Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7310/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7310/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17351\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:29:51 GMT\r\netag: \"692995bf-43c7\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SxyfUI%2FSBLK7wFI%2F1rXsFqQYxw1O7txF5U9siYAlzCY4RicuzLuwAY1zKYbj2RoBMJDcv6eNVL4YKqQlRxe7e3ohN464rk6DR%2FYP608%2BMx0qRCA%3D\"}]}\r\ncf-ray: 9a6e23f7da63783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17351,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"c4f6cd78758b719e5f515b577d3444ce","sha1":"55ac6ae7eca9c962a88bf2ee88f9ba51e934066a","sha256":"db3ddbcf24a1b37f3b8928bb1e2f45a336c5d65a160827a242b7bf97515117b0","sha512":"27436ad7fbf391dc9c0dedd8e46a6b6b068541a752a956b69309394460912b628495f9fa3014154e88cdbfb5c8d57a4e0d0c98b415506bd500bb2387f4fbd7d1","ssdeep":"384:xpYDMNOC3pNqO6f8Uufj/abmnzvZMZUk+4Lkl1dsWyr:xurCZN4fBufj/um1MZlC1Kr","tlshash":"f172cfe174d252cd3a76b1a41552cd1e10c94a63ecb4229bbcc8efb7c9b47ba704c278","first_seen":"2025-11-30T23:32:22.17639Z","last_seen":"2025-11-30T23:32:22.17639Z","times_seen":1,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com
"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9703c-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=biLj8WND4oO2rZUAe5U3Vr5f07kB%2Fo6TsQutFNKjCsynkceelGWnedpDklPqi6YoNhiq%2FJSRMRjOJ0LORXuii1QNJ%2B7IpeLbcBV6ZckS9Ws%3D\"}]}\r\ncf-ray: 9a6e24039fa43181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-04-05T10:20:01.382478Z","times_seen":5467,"resource_available":false,"data":null}},"time_used":575,"timings":{"blocked":57,"dns":25,"connect":1,"send":0,"wait":461,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=151","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 
GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=151 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971162=1; slecc0357ce07e8d73dab31372a114d5762a=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":93,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/categories/video/4.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/categories/video/4.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: 
image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20483\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:03:31 GMT\r\netag: \"67e44173-5003\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5454\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ahmT1VsGRGJvMleWPxK%2BqE9yeAh2SapxxpusP4W1%2BgoB%2FamK98BtVEaYFf6yg6eeitFiwKlL4lma%2B5yl0N8V22IKoBB4M42MRgCoSTOH7Dio4bk%3D\"}]}\r\ncf-ray: 9a6e23f7798e783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20483,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 
90\", baseline, precision 8, 384x216, components 3","md5":"63c75434e7b8f4a9aea6095370b70a00","sha1":"6278eb76f0a78cf698ed0f49d02c79e53d54b0ac","sha256":"16b7c1f8c4908c44f3ebb52f699a5d5236f51a4d5220905a0b4825c7aeec0a71","sha512":"917a987b8687efdc25a88518aac43de2eb9133bf7c6066ed36b91a1215793bf4eafc953c854fc5ca1d75c2a94af51805fbe7887bd1e5a8cc807dd38128fdbb07","ssdeep":"384:5uPIEdQiDueoxoTeNB7FO8rrJqIJntcpR9tYB/ASwwBVJpn2SV0Jp:5ubdQiBumwFO8rxN6y/4wrJ/VQp","tlshash":"3d92e1711f538acaf23414538a635fde52ebcb850d5a8668adf250f6f821586c0f4e78","first_seen":"2025-05-26T17:14:11.002616Z","last_seen":"2026-01-10T19:43:01.800231Z","times_seen":6,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7316/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7316/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17180\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:50:16 GMT\r\netag: \"69299a88-431c\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tckGNtIqWA0CzNZbplHin60yw3CKOTvedqaDGjJ1G1TS%2Bs1sJdMZSggcpfcESxbPL8egXS3yvSp2yRQzi1J3kEZV6UdsFEEIS6%2BWAuYx0uJeyTU%3D\"}]}\r\ncf-ray: 9a6e23f7ca4a783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17180,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"988960774c2ecc6f35545de119d04456","sha1":"2ec39ab77006a5ced338cc8b949b5a58c4fa2cd8","sha256":"4e582ad77a098bc756050b387c096b79949a50b35a81bde4d6d108bb49fcb565","sha512":"e6dc0d9873a316a25ada13f30c1dc88a200b3f9a6868a9c7b2c3d950adae091059693c32f9c9a3b7c712628df8a07c098343b3ec3d023d9ad236b05c243e0fe3","ssdeep":"384:xj9Vu9wriLBMLYC0FgT+1oqCkF6XHRpN8Rkq9D:xBqBGd+g63qxpNTwD","tlshash":"a272c0b8c21241d5986d04e3fe5afcc17ffdbd340ac8922627d95d43f216ddea518294","first_seen":"2025-11-30T23:32:22.177825Z","last_seen":"2025-11-30T23:32:22.177825Z","times_seen":1,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7302/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.
79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7302/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11064\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:04:44 GMT\r\netag: \"69298fdc-2b38\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EBY9oc%2BWuLF%2FMdbgbqJnS1WDjDw33VRycLQ940sZB5ZhMupnfzEDktOl8Jrrrnde%2F765n2qxETMFLdsjbKfs3dPm3xdRahoqoFpGylEz%2FcUqfLk%3D\"}]}\r\ncf-ray: 9a6e23f7fab6783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11064,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"f0e0ce4f6afcf8e4f5f842c2772eb51b","sha1":"cd2495c7ada425792052457c3ace9318765101fb","sha256":"c15b3e126de10f090b4af19d7ccae7f8de08ee976c6c0f52227f0af76e8d1253","sha512":"71043a354f62240931741f58a0e69488cc4303f5008962653de28251016a061f10a17e2710910084529b7618102d3d7eb3618d7397752b5e1cfc2ad55114502a","ssdeep":"192:xYca0AQDqVYcV6lYS95mX7ujPtXQxwPDPhU+NAc37Ht5DfT+J2p9:xYcAUl/5mrUl/7PhU+Kijt5T","tlshash":"8632af574f4214c3b2758727b6167d8729f671307a95da2d3ce2c068816317cbfab80a","first_seen":"2025-11-30T23:32:22.178427Z","last_seen":"2025-11-30T23:32:22.178427Z","times_seen":1,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:14:37 GMT","end":"Wed, 28 Jan 2026 01:14:36 
GMT"},"fingerprint":{"sha1":"5A:67:AA:88:D5:BE:C4:00:42:86:CC:4E:FC:E7:73:FE:CB:85:71:60","sha256":"F5:6C:A4:39:AC:04:F6:11:7E:DB:94:93:4C:93:FC:EC:A2:B4:4E:A4:FE:19:8E:22:C0:D8:D4:84:67:37:70:C0"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:50 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9a835d039a344b2ad56be816fff3a53a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":55,"dns":1,"connect":17,"send":0,"wait":23,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=9dd00c19-9acf-459f-9943-74cbed3d20fd\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=c0357ce07e8d73dab31372a114d5762a\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=9dd00c19-9acf-459f-9943-74cbed3d20fd\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=c0357ce07e8d73dab31372a114d5762a\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 830393fd5f653fd645247864e2aaf385\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":849,"timings":{"blocked":375,"dns":99,"connect":91,"send":0,"wait":94,"receive":1,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 04:05:50 GMT","end":"Thu, 05 Feb 2026 05:05:47 GMT"},"fingerprint":{"sha1":"CE:AE:8E:FE:2A:86:03:2B:16:43:FF:98:36:53:B2:ED:10:BF:FD:23","sha256":"95:CB:A8:7B:9C:88:98:F1:EF:D6:C9:79:E1:98:63:76:71:B7:BD:E2:89:6D:CD:55:61:DB:C0:4E:B1:1E:67:F7"}}},"request":{"raw":"GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1\r\nHost: stackpath.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncf-ray: 9a6e23f85f8576ef-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: US\r\nvary: 
Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"67176c242e1bdc20603c878dee836df3\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:06 GMT\r\ncdn-proxyver: 1.07\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 12/15/2024 13:11:59\r\ncdn-edgestorageid: 1232\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-requestid: 3e862263663f67290b540cb164dfe86d\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncf-cache-status: HIT\r\nage: 7778060\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":51039,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines 
(50758)","md5":"67176c242e1bdc20603c878dee836df3","sha1":"27a71b00383d61ef3c489326b3564d698fc1227c","sha256":"56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4","sha512":"9fa75814e1b9f7db38fe61a503a13e60b82d83db8f4ce30351bd08a6b48c0d854baf472d891af23c443c8293380c2325c7b3361b708af9971aa0ea09a25cdd0a","ssdeep":"768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+","tlshash":"3533b649725078b201df9176913f460bb736788ea907816cb95d98ed2e7cd89322bf3c","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-05T10:49:51.452575Z","times_seen":120630,"resource_available":true,"data":null}},"time_used":306,"timings":{"blocked":125,"dns":126,"connect":5,"send":0,"wait":8,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/templates/frontend/dark-blue/css/style.css","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /templates/frontend/dark-blue/css/style.css HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 30 Jan 2020 16:59:34 GMT\r\netag: \"5e330b76-c6b3\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8QCf7FgUhH1VG77XxkC11KN6r1%2FHx9hxzospXcfIVbGd19E6LncD0olS0NeU1EG9zSho6sukFaM%2BjmiOfJKBHG5ecgXE9ksJc98L5umt6Oe1Qk8%3D\"}]}\r\ncf-ray: 9a6e23f75939783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50867,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (312)","md5":"f5f697e9262776f499f9897de3876e88","sha1":"492f5b1b17099471d77f35deeec5bbb86e367142","sha256":"3751f1912fd91d2ce2fafabd9403cf82773e0863f87001fbf4ec50f4a201e1cf","sha512":"38c8410da9b91a35974f72f815f3a1859b978200eb59f25d0667d1597e6c94862e33afd288c02f130563f7a4c85b79891108a1882bbdd4d87dbc8428ae7a6ada","ssdeep":"768:SrbtSi2GF1DxM6TqGAF2wAdWR+aubl2xloaN9GoO2Enkn:SrbtSOnDqVEwAdWR+a2l2nosfEnkn","tlshash":"7f3397a6faa31c09700fd09c6f69fa92172d0183da0fcead76516618cf897d454b2f8d","first_seen":"2023-05-14T07:50:41Z","last_seen":"2026-01-10T19:43:01.85574Z","times_seen":9,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7315/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust 
Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7315/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12223\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:45:11 GMT\r\netag: \"69299957-2fbf\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Fc1vY4F8axBJBlSSZ8rsbxgIadO4S5v4%2Bna4LjNdvOIdckSpt2UikbXZ6PEYXiaEIShq65vt1t%2FcHor3KXzWaBoByM7Pj6oAdgVcR8mfbFrWyP8%3D\"}]}\r\ncf-ray: 9a6e23f7ca4c783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":12223,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"e00cee74d4967fbf5243f41c06a20057","sha1":"022d444fd9dafc68a8683f938175405c08879e36","sha256":"9ba30cd412a8250626ad627d899d03fe605ba521fa02f7c0d84d7cd2380e2813","sha512":"2b059795180dab1db60fc10bc6dad5ce5e5bd365951480c719c6098d57ba402efd3846ab4f14b34425193283c56d1a349c72d8d2cd794e20e6ddb37a9da1854e","ssdeep":"192:xYlei+ECkjs/h6AAX9oIqGQmNQCpAL0D9Y0DqyCsbSPDs:xYlWECkjs/w7Xx2mVALUivDs","tlshash":"f342cfd3f7a322e2b84a157e11b95f9551d2608daaed6c8487f077460203a91cddd71c","first_seen":"2025-11-30T23:32:22.180829Z","last_seen":"2025-11-30T23:32:22.180829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/templates/frontend/dark-blue/js/jquery.easy-autocomplete.min.js","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"
addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /templates/frontend/dark-blue/js/jquery.easy-autocomplete.min.js HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Jan 2020 20:35:06 GMT\r\netag: \"5e27607a-3dd9\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nage: 5406\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tQz4BIM1K99plqh2pc4Knie0GAQ9OhjAGJ9BvxM3m74jMLIh%2Bu4o31a%2FVmcRU2Z%2BEhqywUYZQHiv8FgNFQZx4a4yu9sgmMfltdiDmNynOL32wLc%3D\"}]}\r\ncf-ray: 9a6e23f80ad7783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":15833,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (15651), with CRLF line 
terminators","md5":"2601841f03f0aadfc48539d5c65abf0d","sha1":"fae175b72fcd900bde1dbba757d87f8bbfc47a80","sha256":"96d809fac6760a5059334e69a672e256cb03b34800c230fa19502ad8d933fee3","sha512":"67e43fd4364ebd654de85ee7e36aab09f159b697a5ade37439ac68d2e2e4f8fc32d35f15d9f866ae52033caaa7e5947b7ee1d58589012b7352abe1976d911b6a","ssdeep":"384:g8MPgWFxQKIM5KlmYVwYpYUTlmNpiMCMVl/qnBJ3GLxp2GoLFbc:g8cTFxQKIM5KlmYVDYUTlmNpiMCMVMBI","tlshash":"9e62965c72d9710913a7717691ff000b753aecd9a9094ca0e990c1e06db8eaf5277f2d","first_seen":"2023-04-07T23:53:18Z","last_seen":"2026-04-05T06:19:07.268424Z","times_seen":581,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/c0/35/7c/c0357ce07e8d73dab31372a114d5762a.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 
GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /c0/35/7c/c0357ce07e8d73dab31372a114d5762a.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:50 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 31767\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 7\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 601c9485658a3f2e0dfd77876bb1184a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":81572,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8daf3c1b88c3bb1f421ba11dfa7310dc","sha1":"4b330cb0b1687a3d7d11cd31606fc331a0ab7569","sha256":"060ce1ad264180c00815d5b90586a731f8cd403105910a031c510f4c4039edf4","sha512":"4871acd988fb01f0366d1fe9b94548feb7a898da1137fad79bade3011cd49cfd8ff9cbea075f8e045ef31f1b081c3697eaa25ecdafe527cc2326d4374bdd88ff","ssdeep":"1536:m6cvuYKb5yrHvXp2mbVKBw591hyGoitf68hK3vZEvF:mz2YKb5QEmbV11hyG5tinZE9","tlshash":"ac83e6883f51b09903d76077222feb8bf12edc10109ee444d623e5d97b6834ae5bbe65","first_seen":"2025-11-30T23:32:22.182071Z","last_seen":"2025-11-30T23:32:22.182071Z","times_seen":1,"resource_available":true,"data":null}},"time_used":801,"timings":{"blocked":300,"dns":18,"connect":92,"send":0,"wait":105,"receive":93,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/714/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/714/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5923\r\nserver: 
cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:06:05 GMT\r\netag: \"67e4420d-1723\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9S06hbW3%2BfEt78xgDJq55pQgCFYoI%2FarCR6KswS6rqe%2FpIhyRD%2BKk0jxmrhzE%2BNHwx4ZgH%2BA56JmpwbbR%2F6rJD42RlZYr5yuNarelieV910E59E%3D\"}]}\r\ncf-ray: 9a6e23f77989783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5923,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 256x144, components 
3","md5":"c4d67cd918191fe6629a8f78bfe35dae","sha1":"bb4729040bac0735b0372836ceb035d09623a505","sha256":"cbb00433ccc4c8220a1592e09363454c50dc2cf982728f0e071edef7757dac87","sha512":"c826238bdb47c84b230e9e522f26b4b02161a141da54a3ccdafe6650fe42f46f6408355406666154e3eff4bba63bd8c4487b97071bd15e06f75f12c695e9f402","ssdeep":"96:BEKvyFTI9AAFblr2F9KQTrV8gdC2bkIMiwhkT7de37AZOTAvutY:BJOIWAFblo9XhkckThQe30gT+sY","tlshash":"55c18f298365e3e9ba66d5fb1a07ae51e3da1950c5804a0c8dcc0f70b0b14b4e91cdc2","first_seen":"2025-05-26T17:14:10.991548Z","last_seen":"2026-01-10T19:43:01.798942Z","times_seen":6,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/cdn-cgi/rum?","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 417\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9; _ga_RCPYBL52QP=GS2.1.s1764545510$o1$g0$t1764545510$j60$l0$h0; _ga=GA1.1.518606631.1764545510; dom3ic8zudi28v8lr6fgphwffqoz0j6c=9dd00c19-9acf-459f-9943-74cbed3d20fd%3A2%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":417,"data":"{\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":1610,\"startTime\":1764545508177,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2024.6.1\",\"timings\":1},\"pageloadId\":\"c0906b4d-ba3c-4284-8933-596ba78c6941\",\"location\":\"https://www.empressleak.xyz/\",\"nt\":\"navigate\",\"timingsV2\":{\"nextHopProtocol\":\"h2\",\"transferSize\":15951,\"decodedBodySize\":92351},\"siteToken\":\"cb1d3e9533824baeb374a71ea9cf923a\",\"st\":2}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sun, 30 Nov 2025 23:31:50 GMT\r\ncontent-type: text/plain\r\naccess-control-allow-origin: https://www.empressleak.xyz\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VBcgTzBlOVgxBU74s1TObA5faoApATES%2FFsbuplilMA1CUjnRvspfJ2UJGIIXePlJ5rRdTljADukPXPpiltK6kMr%2FvBjICtSL%2BTcyd0fMVktvVU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9a6e23ff0f3f783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn"
:13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XiqFqwttZK7vDOAkNh3zOuRckMkm46QC%2BQj6zdxPR6nkC%2B0zVqSbTOd8GFSJLrH3BacXWPaMidb1FCsWlj31RurkDRSsbNtS%2BahKI9AactI%3D\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"68b9703b-2762\"\r\ncontent-encoding: br\r\ncf-ray: 9a6e2404ba133181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10082,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"efffc36bcbcc0aaea3978474151a0122","sha1":"f9b9c23faef40025dcfe3f1dfdb158ce2855b83b","sha256":"4da2338ad196c676f6a310b1b91f8e4c3e513fa07cb3b7022ca9ecc4868db398","sha512":"52afe7b12764a6297e3cb430eca352a3d778802b79e3cbeb4a2c22b0e070496abd9bfb78823573aa1e4a0bff1f52f79dd9ab92a55341324c175c3ce811d01aeb","ssdeep":"192:iFJuLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToS:iFMLiEWiFiHn1VuexjrHnAyF","tlshash":"2222420409b9d921c45ca02f203e2666f7240a539d7abfd4bbc941045fdd96f79b823f","first_seen":"2025-09-21T13:47:45.283292Z","last_seen":"2026-04-05T09:34:36.948255Z","times_seen":1584,"resource_available":false,"data":null}},"time_used":472,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":472,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1SSz2skRRTHq7M5LIqo6-JBFAb1sOJm0j3dM5N2D6txXVlcd0MSCejF6qrqSTk1XW1V9_RkTsGA7MHD6EnQQ-c7yQY1-OMPEJeJt4CwswfJYYOwB6-KsmeZZGDxHd57xacovu9b79Pt_Jj4yOnR0ru6L5Wi8_WqW7mwJhOuC1u5sVrx3Kp7qbImk0ZwqdKbJNN9zfODqvtK5W3B2nq-5nqu67le5ao0Ita9-RMKme6HXjV0q0Gt6tUD9Mz_zzZ3YKkD3j0m5yD5-MkH8QeQbISk8-MVYduZTi--1ckVzbRBl--9l7QTXSToPGpj4yBO9qa3oe2YkC9noJO96QTQ3Z3JBIjkmMw8ex9RsjeViai7e6o0UhAJIv44iu4IQo0g6QhMb0HyuwRgHDduIuncvqFNQTdOKZ3QMZl9-A9kMSaz988j6Xy_qGSvsqJVnkmdWPTiErI3gmyNkOYHyPoOZHEAln0CyX8j8w-vI-ns3LRKQ_Kjl0POXZd54VxIWTwX1MN4LgwDf64ZsEhwn9fcmJ9YJOMRqJ1Bbh3k0kEeO8hTBx1-VAnchYB51G_EIWdNN6BBwEXkhgs116UhayJnE-0DZOkATA3AzCZSs4m2_OJu_dyYkN9XYPI7sOslLHdgM4IuL1EIgsISFJSgkARFRlB0y12ubM2Wt7myeeRNa21a_XKos9Y23dVZSyQE1AxgeLkj04_tFlh2ZtiPLR_qSaJRVg5pxMvt9Jg8PbHX-eqz59AWRxXm-vUmE25TLPCmz2nke36zRj0v4PVmo0ZhZQlpZ0Ctg74ck2Dpb6RyTM7ylxDRA1h1ACafAs1fAC1K0PUS_eQH0UmNsFYJ2q72NvrgukSazSLbcLbVMXlmuLy6eOfkoz-88iIEO3z9Cf7-8_tnPTBTIjUlPpK_ErTUreGyLsjOsi4s-elmmsmO7NPJEqxkNBOz374jNgpt-LUrdvDNG2wCJu3-qrDZdZpwmbQs-W5Rci7MVW2YID9fs2siWsrt-mJukjy9vvTm1WunaqVORqByTB77-lUwOSbnL1w-WfD6v3-ApZuw6eHlB_5JwGqCKHWgJIESh2QaoFEJKx7NE4nDX_46Zdv
2FlrGAc22kHRKdE2JripB1QA2PzPMUnN4-d70_Ug5w0gZZydSRn1-6pOVR5V6LfIbCwsNETd47HO_5vOw7oowoGEjCIM6MjuWF-_9-V8AAAD__0At-veDBAAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1SSz2skRRTHq7M5LIqo6-JBFAb1sOJm0j3dM5N2D6txXVlcd0MSCejF6qrqSTk1XW1V9_RkTsGA7MHD6EnQQ-c7yQY1-OMPEJeJt4CwswfJYYOwB6-KsmeZZGDxHd57xacovu9b79Pt_Jj4yOnR0ru6L5Wi8_WqW7mwJhOuC1u5sVrx3Kp7qbImk0ZwqdKbJNN9zfODqvtK5W3B2nq-5nqu67le5ao0Ita9-RMKme6HXjV0q0Gt6tUD9Mz_zzZ3YKkD3j0m5yD5-MkH8QeQbISk8-MVYduZTi--1ckVzbRBl--9l7QTXSToPGpj4yBO9qa3oe2YkC9noJO96QTQ3Z3JBIjkmMw8ex9RsjeViai7e6o0UhAJIv44iu4IQo0g6QhMb0HyuwRgHDduIuncvqFNQTdOKZ3QMZl9-A9kMSaz988j6Xy_qGSvsqJVnkmdWPTiErI3gmyNkOYHyPoOZHEAln0CyX8j8w-vI-ns3LRKQ_Kjl0POXZd54VxIWTwX1MN4LgwDf64ZsEhwn9fcmJ9YJOMRqJ1Bbh3k0kEeO8hTBx1-VAnchYB51G_EIWdNN6BBwEXkhgs116UhayJnE-0DZOkATA3AzCZSs4m2_OJu_dyYkN9XYPI7sOslLHdgM4IuL1EIgsISFJSgkARFRlB0y12ubM2Wt7myeeRNa21a_XKos9Y23dVZSyQE1AxgeLkj04_tFlh2ZtiPLR_qSaJRVg5pxMvt9Jg8PbHX-eqz59AWRxXm-vUmE25TLPCmz2nke36zRj0v4PVmo0ZhZQlpZ0Ctg74ck2Dpb6RyTM7ylxDRA1h1ACafAs1fAC1K0PUS_eQH0UmNsFYJ2q72NvrgukSazSLbcLbVMXlmuLy6eOfkoz-88iIEO3z9Cf7-8_tnPTBTIjUlPpK_ErTUreGyLsjOsi4s-elmmsmO7NPJEqxkNBOz374jNgpt-LUrdvDNG2wCJu3-qrDZdZpwmbQs-W5Rci7MVW2YID9fs2siWsrt-mJukjy9vvTm1WunaqVORqByTB77-lUwOSbnL1w-WfD6v3-ApZuw6eHlB_5JwGqCKHWgJIESh2QaoFEJKx7NE4nDX_46Zdv2FlrGAc22kHRKdE2JripB1QA2PzPMUnN4-d70_Ug5w0gZZydSRn1-6pOVR5V6LfIbCwsNETd47HO_5vOw7oowoGEjCIM6MjuWF-_9-V8AAAD__0At-veDBAAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971162=1; slecc0357ce07e8d73dab31372a114d5762a=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: 
nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 31bf95fa9b0ccd27f3454d73ba61e059\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/3122/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/3122/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
15786\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:06:00 GMT\r\netag: \"67e44208-3daa\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 6297\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FKUmle4q4ST5N3tFFijNGJLxXm%2FdlMi%2F0kMWpNHipAPc9wQehZDgxYpuREINba89a1jrH3NvE9YrXID49HYxcqnk8a5VxD9t6b2nQyWJ3pzu30I%3D\"}]}\r\ncf-ray: 9a6e23f7ba12783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":15786,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"a6d484c18ec545d131920b67b64d11c6","sha1":"8bf610e821052ae8a605fe1a058a078a10be6c24","sha256":"45433e11ec6fd0fe9a64c91557a8bf8d660506f07665abc02caafc8550d3e7f7","sha512":"deb03108b64f137c9c68b76c226d5ae8c7786e514a020f59e71808e29989e3232cf225c7f3d7e62d2f44cb093020cffe5fd101582ae6133ab45ba97182f6fa18","ssdeep":"384:5NL2eTgC3LQGkNw2RHxZ59Yfe5j5WeG8V:5V2eTHLQGkD95OfqZV","tlshash":"5f62c017db12dac1388ac1736559fc22a9ea8aa1075e4f435bf192c8cef4fe5645ccc1","first_seen":"2025-11-30T23:32:22.184539Z","last_seen":"2025-11-30T23:32:22.184539Z","times_seen":1,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/recaptcha.gif","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 
GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/recaptcha.gif HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: image/gif\r\ncontent-length: 65140\r\nlast-modified: Thu, 04 Sep 2025 10:56:01 GMT\r\npriority: u=4,i=?0\r\netag: \"68b97041-fe74\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 3437680\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bohSb75cmFukOsxf1VtG%2B7wQQ3tq55U4xKDPNLqHw3btxsDqnIcn2FpL5GdlW0JcnIvLmganrVQNad07hv3436DbZlr2NE1VCSfTkHYJ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9a6e2407fc995699-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65140,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 616 x 164","md5":"a83efb86bdb5d741f6103b69d6979035","sha1":"c944477b467f4aee49b4c86f3622a3519679667c","sha256":"e62a51a868623e3d04ac6c1bf28c3d34dd1e7008b9d62753963b2e2272971774","sha512":"9638afd8bfa476d24261a76a49c0e6df11c39db07cc357025f40660a3140499f234956a6971fce1ef0b61f74edba0f39e54a9a75e81adcbe423415f93dd23709","ssdeep":"1536:pcrveQZWvRPMwQUWJicq8ILNUcB4nReNsnrIfOPBVeD:Orve+WUJohC0fO5QD","tlshash":"4853ce1fc2181eeafc3bcbb6520b8d160a415b751c54c613e6b9f1c5382c5de2b15bae","first_seen":"2024-10-23T13:11:53.403324Z","last_seen":"2026-04-05T09:34:37.031429Z","times_seen":1661,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-30T23:31:48.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nx-powered-by: PHP/7.4.33, PleskLin\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nnel: 
{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sun, 30 Nov 2025 23:31:48 GMT\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yV9hSNyRjXEDItn1jNeB4%2FzV2UcybwmtT6zFbqeglMqOIHoKpyCHes3EbHzv%2B6aJDlWbg3%2FjQoEq8OQ8DbPwvQRYDYP7q9Q4xptow1zrl4ujf6s%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=7,cfOrigin;dur=425\r\ncontent-encoding: br\r\nset-cookie: AVS=ij9mi6tavatckfatitur00oht9; Path=/\r\ncf-ray: 9a6e23f2a9a3783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.1.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:4.1.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Popper:1.14.3","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"BootstrapCDN:4.1.3","description":"BootstrapCDN is a powerful and reliable Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely-used Bootstrap framework. By leveraging multiple server locations worldwide, BootstrapCDN accelerates website loading times, ensuring a smooth and visually appealing user experience. Additionally, it ensures website compatibility with various devices and browsers. 
The service reduces bandwidth usage and server load, improving web performance for developers and end-users alike.","website":"https://www.bootstrapcdn.com/","common_platform_enumeration":"","icon":"BootstrapCDN.png","categories":["CDN"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":92351,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10118)","md5":"0bf275c403579fc08e8512e128cd5868","sha1":"0d5717233ab8aecffaa51eb9bd127c9f36a48b2a","sha256":"3d77a9bc1b516e0044b1a4971f24356db7643edc80850355cb188eb757e6f98b","sha512":"a09b83aa2856d1ab13d71b8b85f686178668cd3ac2b54dcfeb1cb5de4ccdbd01c9636d126aed0af7ca39748bf4ff0bb04aaca4c82b5afadc15bfa52be66612ed","ssdeep":"1536:r8VrrPHqxlJ6CycCXVHtChAdcjMJ029+6i/hSPCg:OrJcGcjy","tlshash":"6193eff1c586c5fe0db2d2e955a62b1b22cae07dc7920e3277e653bd1acee40ac11711","first_seen":"2025-11-30T23:32:22.18589Z","last_seen":"2025-11-30T23:32:22.18589Z","times_seen":1,"resource_available":false,"data":null}},"time_used":557,"timings":{"blocked":57,"dns":32,"connect":1,"send":0,"wait":442,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/categories/video/19.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https
://www.empressleak.xyz/","date":"2025-11-30T23:31:49.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/categories/video/19.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 33613\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:03:31 GMT\r\netag: \"67e44173-834d\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VXWCtnssVnOwJaxzUdrH82SWRtNCQgL4oQqnqGDTjxA1FYwjJBJHSVU%2FnIxbOZlUD1kXvjoZ0%2FC6ltQIRs%2BLSF4eA5A3%2By46c7j4TUDJsTC8Rik%3D\"}]}\r\ncf-ray: 9a6e23f7a9db783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33613,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"9925b001376e1cfbc1dd014534698472","sha1":"fbbd39d3b699eecf010f564e6bf23ea1454a7677","sha256":"cbbec88cc4edf42e043558dc0968c27b79a0089a3d5a00d62cdeda72c03a1ef1","sha512":"cf372bafe44707af70b754a5b0d194414306bcd01ec192c7ebd0cf7d05c5b3b9f651b141b7b2a61db44698d98a88f8ab100df56aa64d1f4aed0e83c32193cf69","ssdeep":"768:5sqOIbnjltB6iiPp1qqeTAV0FD5knJraqBTFlCsoH:5sqOwhmiiPpvAD5knVTvQ","tlshash":"29e201689d2e6cf73742f680fa5c4ba60c7a84717c139d250ef28945dacbdd2801ae1d","first_seen":"2025-05-26T17:14:11.000769Z","last_seen":"2026-01-10T19:43:01.869792Z","times_seen":6,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/6437/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/6437/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11052\r\nserver: cloudflare\r\nlast-modified: Sun, 31 Aug 2025 08:12:46 GMT\r\netag: \"68b403fe-2b2c\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nc9KsXFUOnZJPqIFeb83q%2Fd5TUG415lzCb6Ax33WkYZyeTxkb5b4HVEkhY%2B3sjXFhmC82jPnILkfuikiTVapi%2FHSVZtiqo53rNB5RhxaR1RX0i8%3D\"}]}\r\ncf-ray: 9a6e23f7ba37783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11052,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"8496c72610143f369518387e655cdec1","sha1":"b4dd22b769a054f4d673d7517f29cb9e53357d0b","sha256":"06bff7463ec04601efe32d3784b1fcc167cda4a6a03196013206510f805568b8","sha512":"259a6bab69f1d0719f3d2b905bd2b646ed7bd9734ccce77fc59c11a0cc2323e1e4ae7bae915d4989df0088256dfcd4ca45ac58e77807eaaa151c2b0762add4a5","ssdeep":"192:xLizGLWt/Az9inAeckELE1CPyKAbbIXH/RMhITVHX2HB5fJTT+i:xqRg0nAJkEL8GfYbuH/2GTVcJTTZ","tlshash":"3f32afe8cb218ed5744bd2d259151cd3c3df240814a81c4536fb96bbe13ffaa1867929","first_seen":"2025-11-30T23:32:22.187602Z","last_seen":"2025-11-30T23:32:22.187602Z","times_seen":1,"resource_available":false,"data":null}},"time_used":403,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":402,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7307/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":
"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7307/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5441\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:21:26 GMT\r\netag: \"692993c6-1541\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oVtiy%2FmgAx2u1iVXD3wEiwt322ng6T5Wwe0PQDCjPigDvSF%2FO%2FE0V1Jok3Y96U17vFe6w1fywudVg2gP8BpbG0656rI5UNhkhSjrzoxhn5qongw%3D\"}]}\r\ncf-ray: 9a6e23f7ea90783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5441,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"dabe555495fe25c2dae49d21d0f8427e","sha1":"edcaf60543e8fe298c2ed8a69a1ae84d064f0ef1","sha256":"de5fa9fb3888a08be87b002117670d58365a8a6cfa85e910652a6205ec272d88","sha512":"704fd77f0b9a0b39478764e01184131eaec0a506ab0f2c6cf64a5ef1f0ed3e1842c6d80cd2a0fd5055182493f43e7caab3620ec343c25dd0b300fa7d7803b5e6","ssdeep":"96:xEzDglGXuOrkzuJnkkpOI0DwpqvbRbV/VaAJRbQSVBVJJfIbKqczEHWvo9lnp:xKglADvkCOfcSbNV/VaAASVBVXYRkoPp","tlshash":"40b18d45130742d278560c2ece51be6dd7e2174231f5831b1fe453e38ad97e9e02986c","first_seen":"2025-11-30T23:32:22.188508Z","last_seen":"2025-11-30T23:32:22.188508Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/templates/frontend/dark-blue/js/jquery.rotator.js","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /templates/frontend/dark-blue/js/jquery.rotator.js HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Jan 2020 20:35:02 GMT\r\netag: \"5e276076-cce\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nage: 5406\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CNROXWnh5%2BbcKENKjgTYGkoVHM0hc2QK6TCFCseFGNnysGmG4FYU39SjIXMY0WNfW6m%2Fgx%2BPi%2BZmtufq7%2BrY5%2B6LynvHB2gjLOjIKxVO%2BQzKV4U%3D\"}]}\r\ncf-ray: 9a6e23f80ac7783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3278,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"f39648a2e20d505526d8833191a47b14","sha1":"3f3e4b96d6289e1aca1dd382570594e0cad7f0c3","sha256":"ac750c411915309e6d642fb5555d2a1fe2a0bc1aa8de6cff5acf3a5c5c485bcf","sha512":"9a463ce8d2a16d8c67fdca5604a22efebb3bf2197c72e321b66562e237623a45612e6b078d94e9c0b339c90a1af12405bcd3b12979badb963878d310bcc34c5c","ssdeep":"","tlshash":"ff6120817636a65f4622b3712e3d0544ba6ec4724241d918fd3e94a88ff136943f6ff8","first_seen":"2023-03-07T01:43:05Z","last_seen":"2026-04-04T21:34:36.071258Z","times_seen":191,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/65/c0/19/65c01960220c61bc01b736a1905c525b.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /65/c0/19/65c01960220c61bc01b736a1905c525b.js HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:50 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 39779\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 
3\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7018a227443bf19482b4ac17bf22c07d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":111811,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"77dbc7af719a23dd05b41006d4b69641","sha1":"4779636f40014363eac2fc177d8eb5f8e9e4a137","sha256":"c175146b77d30b84e05d3364b75d0c4e5c6f5e57a03dfcae7a63b7caa257958b","sha512":"2d4a1337f9699e5bd789f017d3927d39c59034d5c9dad42efeff5f58a2d552737f8ce45111ead2aa43eb58884f0593c7f89f4cb3ec3d3fa4f193deb6e464d41b","ssdeep":"1536:/l6WTp/37gSqZXqJNplkBiBXFxYgm0M/J49rClQuIwy9Lj6qdEIGZi0hj6mgSdZ1:oIdXLaJ4sQusEIGY6c/TJnQ","tlshash":"c8b3ea4cbb50f0ad41a67077623fd90bf0690d90109cd968e5c7f8f86e5872be63da68","first_seen":"2025-11-30T23:32:22.189704Z","last_seen":"2025-11-30T23:32:22.189704Z","times_seen":1,"resource_available":true,"data":null}},"time_used":474,"timings":{"blocked":-1,"dns":1,"connect":94,"send":0,"wait":97,"receive":93,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: 
nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 25 Nov 2025 19:22:36 GMT\r\nexpires: Wed, 25 Nov 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 446956\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T10:47:29.499783Z","times_seen":716431,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":127,"dns":2,"connect":20,"send":0,"wait":23,"receive":10,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7303/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"emp
ressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7303/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7606\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:07:36 GMT\r\netag: \"69299088-1db6\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8tlsL4pnbTCDPDoc0rXBuD5l1o6QGfjFdV7NT25LSAAT09QVTCoOgO1kI5jwS4xsfg4%2BkJ8ntYeLZGwaUaMqDBjlYRIkiJciektPO%2FrB34QICtA%3D\"}]}\r\ncf-ray: 9a6e23f7faa7783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed 
for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7606,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"89609e10e794b7e9a52b47389c43361d","sha1":"ea70f55e76fe076a0303da50b55099a813b4404f","sha256":"2c89ccc840e8246a5c1bb08d39cc257793786b4f5f4e0adbaf7976678db02d26","sha512":"0c6e9a1bb716ccc8a13627fb3353cfc77577e47203bc04136ffe74ba2562db7fa12d3351b3d4917e8d3e2a9ecbe1b45b1339b76da8e70ad9283014d4b92b136f","ssdeep":"192:xGQaXV96phdWeIxST3aGB1nqgBHgpnbixWXdUZO:xko6SDaGBsgBAphXf","tlshash":"def1afd24acb13d5b6aae4f2554d2e9a50c62b11c58bf21907f947c781f320ce87d10b","first_seen":"2025-11-30T23:32:22.190465Z","last_seen":"2025-11-30T23:32:22.190465Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2","fqdn":"use.fontaweso
me.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.67.142.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"use.fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Oct 2025 03:19:03 GMT","end":"Mon, 26 Jan 2026 04:18:56 GMT"},"fingerprint":{"sha1":"33:ED:5B:34:BA:AF:AF:80:58:92:84:39:09:81:C2:1C:F2:7B:1C:61","sha256":"F2:60:62:61:00:2F:5B:44:3D:71:67:60:E5:36:87:F9:BF:1E:D6:39:B2:E1:C2:20:E4:11:6C:79:74:03:6F:DD"}}},"request":{"raw":"GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: use.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://use.fontawesome.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 74348\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FZNDiNNgQazsjeDm%2FRaosdtzXbpY%2BWTzwZiVRUco7uuHx0C7WhZbVrdtka95ixdxm4ZDsZ6ch5Dy%2FXZ3YdLnsvXyVpiCfqjVEu4Dgtu41mxU\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: 
bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31556926\r\netag: \"462806316fea535a6a57651bc2b000b0\"\r\nlast-modified: Fri, 22 Sep 2023 01:45:52 GMT\r\nvary: Origin, Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 84302\r\ncf-ray: 9a6e23fc5a3c7129-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":74348,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064","md5":"462806316fea535a6a57651bc2b000b0","sha1":"80644191098f863f25be27841c0d92c452cf2327","sha256":"4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2","sha512":"1765952f3490a3b063388c3258bf2ed0fce4854ed7fc6fc5937ec3d0cedb1368fa24a87ebd2dd62e4ba0f6244b648cbf47044381969252b62a2677a39c6b0b6f","ssdeep":"1536:gkdThXppBpYl2zoSgIfQGgAPlGqIfgCm86b2EGsX8wDT:gkzPYKoPI4lAPg9fg72ERT3","tlshash":"007312208918f9765bb7e0be5abd05a57cb1c4abc6af40343496abc46fcf93039c7550","first_seen":"2023-04-06T01:20:04Z","last_seen":"2026-04-05T10:30:41.202146Z","times_seen":3979,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":
false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 31747\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"675af4e6-7c03\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 5008602\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6zfMh50ocnd9g3aU7elM%2BNDqqNLk2zHq5bNL%2BdtWRmEoXj9koT20W7LvEmowDfyUjyH2Ws2jd7jhfqwI4pxYgC2kQZ8XW5mZJlQCDTHso08%3D\"}]}\r\ncf-ray: 9a6e2403e87f3181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced","md5":"8b80e5aaebd2987d46dd0382da97fdc1","sha1":"bccdfd974f19600eac67f10c43a8d3cd92188aff","sha256":"41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05","sha512":"dbc5a79c4e6b8cc0c1a2a20e857a399e84ff155ce6f68a6de65af23c20d57d7075bf93ba40748fa39942ce84001da19cf5dbd22ab2ab5b4bc3df63d220741e88","ssdeep":"768:oUUUUU2mxm90tQeKC4/cDQ+dexqKogEmXoYIQSR/Fiwecp8wwwwwwwwU:oUUUUU2J+s/cDx73jlp/E7+h","tlshash":"b2e2ae13c4d932371c5a9ded9b6b2b847aa225e320401f7bcf1e1078248b4b5fd27d9a","first_seen":"2025-07-04T18:28:09.276271Z","last_seen":"2026-04-05T09:34:37.03686Z","times_seen":3131,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare 
DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/images/logo/logo.png","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /images/logo/logo.png HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: 
AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/png\r\ncontent-length: 8666\r\nserver: cloudflare\r\nlast-modified: Fri, 01 Aug 2025 19:26:34 GMT\r\netag: \"688d14ea-21da\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cEi6kAsovlTIy08kXhWj9oCvryheNdpZWj1kwq3yS7RrmWuK6iaY8fqUXgSFj8BpbELAgHGwP8l0DUI2M%2BxtXj1mQMVuOdXrrD4wCAxqsIax3cM%3D\"}]}\r\ncf-ray: 9a6e23f7694b783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8666,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 265 x 90, 8-bit colormap, 
non-interlaced","md5":"0a755753d246fcacce336311401166e2","sha1":"7c84518ffdf244458535c170eda2bae7c709b742","sha256":"b14943e6c494a797aebba3e75753a8776bdb4eca0ddf73d41a3f329e417eeb13","sha512":"cf926ca25a68b2d95631d1949f1f06fd5a691ea9191ae54a4d8c02b73973c682af21b504dda44b8162be6a60eef49d329a326e5ccfd31debfa15c84219e01ced","ssdeep":"192:t62zzRKEHVHNqbbBM+lL6OzmFJK9BKMcDuaI3:sCVHxNqb9MSui+McJG","tlshash":"9f02afe4f19e5cbcb6bc9080790d2322bf184fff00b296486ac9a977a44c5d75cad5c8","first_seen":"2025-08-24T13:45:48.520986Z","last_seen":"2026-01-10T19:43:01.881076Z","times_seen":6,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/5650/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/5650/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9051\r\nserver: cloudflare\r\nlast-modified: Wed, 28 May 2025 09:52:18 GMT\r\netag: \"6836dcd2-235b\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5177\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uj%2BljrOf0ioGi8tLBBYW3Dlcx1qnwcwmH0Psi6htdGKzJDUbi3dneBlGhWn0Xhfm2DeIRfUTtbb%2Faz5qgQD7yuZXQgxPw%2FQI%2FkdPUdjPgqK%2B0FM%3D\"}]}\r\ncf-ray: 9a6e23f7a9e3783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9051,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"3344b6e8617599fe8646feb340703044","sha1":"a21ecbb978856776f31073765b6ccff835f1c815","sha256":"edfdbad31ddf95e61b6fd9d9bb410bf4cf7fb335c1936232832a33fb5e97a213","sha512":"bfedfc0cdb3501ffab46a086089799722c78f38fbc90f839073ead9ac9f78fe3a77673e1ca84a46696d611a2078167839d15879a84508b3f3305d94e353200f4","ssdeep":"192:xuU+SDqGs2JRkqUcimatx6mx74xB06tFXtB4dfbCe:xEuqHq4Xtx54xB0UFkdfOe","tlshash":"ed12ae4d039273dbf41bc67d1b961e9486d03764b6680b99bed089bb09e432a68d1fcc","first_seen":"2025-11-30T23:32:22.193266Z","last_seen":"2025-11-30T23:32:22.193266Z","times_seen":1,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7054/8.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr"
:"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7054/8.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13205\r\nserver: cloudflare\r\nlast-modified: Wed, 05 Nov 2025 10:29:06 GMT\r\netag: \"690b26f2-3395\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Dc6czT0q%2BLh1XBr0kT6WVa0qfWR9HQ1CgdAfuR2MF4YwZbltZQphp5ghFYUL%2BzkD7kAb8L7zagF7IUJbABOKaU0unkWGhv0fMY%2BIkw5OR6%2FAIyY%3D\"}]}\r\ncf-ray: 9a6e23f7ba23783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13205,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"ed8d73a70fc3fe7544f00679cc11ce8e","sha1":"bf20be3db0a3c7e75beda22f95385c19ce3e952e","sha256":"70fbc13c7e6dc0c107ae4431df09d31afb3c78227ebacafe18c3457ba93aee2e","sha512":"fcaef6d7fd8bf1adc7f4a15928bd4d6f69bc43e4b564a83f72f08f2ec09fb8886da9edacc0bd23b8663a38906b97409e38978f1df4f9a334428d00586ce7fdce","ssdeep":"192:xGnXFkYkbQU3IJwgVHXcu2geotvnOksn0UgiNSABrQCryA+3OLUYT8mulbTQrwyq:xGXWtb7I+gpfRnOks0UgiMorQCp+QrBq","tlshash":"2e52d02e6d1e4ffab637f97014ea1dc2cdd8dda6186daa52c4e83347cc12082645174f","first_seen":"2025-11-30T23:32:22.194142Z","last_seen":"2025-11-30T23:32:22.194142Z","times_seen":1,"resource_available":false,"data":null}},"time_used":410,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":409,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"meantimesubside.com/96/4f/58/964f5885584fb9f9ad0858325aa50535.js","fqdn":"meantimesubside.com","domain":"meantimesubside.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"meantimesubside.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Oct 2025 21:14:31 GMT","end":"Sun, 11 Jan 2026 21:14:30 
GMT"},"fingerprint":{"sha1":"23:09:70:98:A3:86:5A:A5:53:D0:05:9D:D9:32:94:6E:43:F6:28:0A","sha256":"C9:7B:8A:F6:9A:C5:A9:0A:11:D6:C7:AA:06:1F:CA:F1:8F:4C:CE:A7:47:0E:C4:F8:06:11:4A:8C:4A:20:A1:7B"}}},"request":{"raw":"GET /96/4f/58/964f5885584fb9f9ad0858325aa50535.js HTTP/1.1\r\nHost: meantimesubside.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:49 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 31829\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: meantimesubside.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 226ae193f712f8c7416363f077a205b3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81588,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"018d8c8617f8569e4b09f045b8c1db16","sha1":"3fc1c038284ee3df0b79a1fa903c413f52fb1979","sha256":"3e907e2a0acf0dfbf739da14c793305b659fd0a36dc4bebbd767f41457ebf59f","sha512":"123032d2b6e3bcf9504f44e6eb66aee2c7566765f34ad9c78278a87b05b34f22d959548a6314ad0c470e28872de9eeda778583d7eb735ff7471054fb5e19503f","ssdeep":"1536:mJBDuuYKb5yrHvXp2mbVKBw591hyGoitf68hK3vZEvF:mJJnYKb5QEmbV11hyG5tinZE9","tlshash":"fd83e6883f51b09903d76077222feb8bf12edc10109ee444d623e5d97b6834ae5bbe65","first_seen":"2025-11-30T23:32:22.194924Z","last_seen":"2025-11-30T23:32:22.194924Z","times_seen":1,"resource_available":true,"data":null}},"time_used":649,"timings":{"blocked":-1,"dns":169,"connect":95,"send":0,"wait":101,"receive":93,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"meantimesubside.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"meantimesubside.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"meantimesubside.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7314/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7314/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16142\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:43:11 GMT\r\netag: \"692998df-3f0e\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=egfOGEBgvRp5MJXXMvkRw128dVybDKl2wDdSV79hFT7MWBzL6fSA6yUlTLJN4J%2FIoYXOufxAxZTlRZlPOFcPqrAYXhUlP66sASn6MMTHe%2FenXB0%3D\"}]}\r\ncf-ray: 9a6e23f7aa03783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16142,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"b731264dbbf8e5c2b627ef5e1d822f84","sha1":"46ddb82b07eafb3d2590bb384b2184305ced3b1e","sha256":"76018dcb1869eed796d050f9c0f443cbaa04c858c061f296ccb1041b2871d84b","sha512":"ebb4a9434e09b34994a0004c086f296d6bbf60ec6ed6aa60dbf9205b0bb660d967b2388ac4d196ccb47ade6a8890d25a36f250eecfc05e066cb90e5a9e8b8303","ssdeep":"384:xSFMnkbjh093r6vXrKkViSZxZEQzzUer7kitEo7KhyQRuJgC9v:xS+KE6/7Npzjr7ttEo7MyQRuJt","tlshash":"8f72e18a0d3d3fc0b0a919a6e9003e4d65f1aaf15027174f59c1defb1ef2985809dd14","first_seen":"2025-11-30T23:32:22.195547Z","last_seen":"2025-11-30T23:32:22.195547Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7312/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.218Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-
P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7312/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7089\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:36:22 GMT\r\netag: \"69299746-1bb1\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GEKB%2ByCZzjo7rZSGS7Y2BLfk7T77LvMkpjaoymXIwrHywRlzikFBvVjxNPzQB10uKcJ%2BMvVHd0JJ%2FR%2BXODrP6aZTf0Yo9XcvH%2BYzwFNNiAjVAvI%3D\"}]}\r\ncf-ray: 9a6e23f7ca4e783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web 
hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7089,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"19fabe7d2ce2b689f047486fc81cc5e7","sha1":"d16db2afea8907f8fe12dd0b687ecdff5b178699","sha256":"d6883324d03970e1439fc1ac00f08b7e73b923e711a59811b5076548461325ac","sha512":"19627b3c780b89f8e1a36b08d3bc1f24f1b051283ccfd394d8b44a3cf95ba7018d8dfee566532819f1854deaf4624523597c7c354b78b48027f3c04abf653bb2","ssdeep":"96:xEPgPFqiWbMKUv7V9wed3jV5TzVhlLyZtiP6HwPv0RNmUAaZvZ/TM/uqvV:x82FqiWvYhS43p5TzhLXZ8+/uqd","tlshash":"91e18d547f572dc0fd26d078a602bfa2dcc90caa605ea65e3ed2129fbb3462181549c5","first_seen":"2025-11-30T23:32:22.196331Z","last_seen":"2025-11-30T23:32:22.196331Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"
schema":"https","addr":"cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 07 Oct 2025 19:32:14 GMT","end":"Mon, 05 Jan 2026 20:30:46 GMT"},"fingerprint":{"sha1":"02:4D:4C:CB:35:45:05:40:6A:81:62:94:06:BD:74:E7:1B:85:B3:88","sha256":"A9:CB:1B:A1:E6:6B:1A:38:34:FA:32:44:4D:30:70:4C:4A:47:12:A4:D1:32:A5:2D:BD:A7:0C:EA:39:FF:C8:D9"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, 
public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A1lvMcUducUFq8qGRJU8lRLZtKngAZwQ8%2BvX%2ByLh7nkvu99R5Amrbl03d9smudr6WuzIgWQbwXbcs5W0k3BY55uMcAAfkx8scC4xWX7hkdjCRPxEzKs%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a6e24066e39120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1524,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII 
text","md5":"9dc0a25dabbe4de856fe02152e69ab75","sha1":"d8a184a181424a51a758b262927e6c0aba7b2b15","sha256":"8c71a26417b0ad5884462cf96135d8aaf1012b9ead37bdf5b505e51dcfd3d173","sha512":"c28042db79a340dea9f66b3c4ed465fa38ea7b152549cd518ee00415109f70eb28602dee1fd4ca9b8ce4810354fe7fc7bfa1ec271cb8cfbe59c2efc58a0de182","ssdeep":"","tlshash":"a231495529fccb26118361e63f702f7ba984e943895b8440b2bd4a908be7ec5cd5720b","first_seen":"2025-09-21T13:47:45.272345Z","last_seen":"2026-04-05T09:34:36.988452Z","times_seen":1695,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/cdn-cgi/rum?","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"POST /cdn-cgi/rum? 
HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 417\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9; _ga_RCPYBL52QP=GS2.1.s1764545510$o1$g0$t1764545510$j60$l0$h0; _ga=GA1.1.518606631.1764545510; dom3ic8zudi28v8lr6fgphwffqoz0j6c=9dd00c19-9acf-459f-9943-74cbed3d20fd%3A2%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":417,"data":"{\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":1610,\"startTime\":1764545508177,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2024.6.1\",\"timings\":1},\"pageloadId\":\"311b005d-dafd-4f6a-9c7b-3576e748c77e\",\"location\":\"https://www.empressleak.xyz/\",\"nt\":\"navigate\",\"timingsV2\":{\"nextHopProtocol\":\"h2\",\"transferSize\":15951,\"decodedBodySize\":92351},\"siteToken\":\"cb1d3e9533824baeb374a71ea9cf923a\",\"st\":2}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sun, 30 Nov 2025 23:31:50 GMT\r\ncontent-type: text/plain\r\naccess-control-allow-origin: https://www.empressleak.xyz\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rmzmzzni19jFSKaskR9Y39bO%2Bjn%2BiP5iqAFTLlDRJ5VdL%2FDvgGIsaJg3035MwZqFNgSohw%2FmxqrjUtCUuMR8IbUO5z1Nlj2jmNGIjkHqvUuH7y8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 
9a6e23ff0f2f783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=526","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=526 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971162=1; slecc0357ce07e8d73dab31372a114d5762a=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, 
OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=567","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=567 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971162=1; slecc0357ce07e8d73dab31372a114d5762a=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, 
OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":40,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare 
DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/script.js 
HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: br\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"68b9703b-2762\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=InwrnM75P5Jo3lEhq5fTEnaWOsVWOp4fGOVfTEHzejdxtM2gkXV3cDwYrXRWkJ4NDuZMpioK%2Ff43uErD%2FnfjXeEMheSF18R4HrCpUnmu\"}]}\r\ncf-ray: 9a6e24084d9e56bb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10082,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 
text","md5":"efffc36bcbcc0aaea3978474151a0122","sha1":"f9b9c23faef40025dcfe3f1dfdb158ce2855b83b","sha256":"4da2338ad196c676f6a310b1b91f8e4c3e513fa07cb3b7022ca9ecc4868db398","sha512":"52afe7b12764a6297e3cb430eca352a3d778802b79e3cbeb4a2c22b0e070496abd9bfb78823573aa1e4a0bff1f52f79dd9ab92a55341324c175c3ce811d01aeb","ssdeep":"192:iFJuLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToS:iFMLiEWiFiHn1VuexjrHnAyF","tlshash":"2222420409b9d921c45ca02f203e2666f7240a539d7abfd4bbc941045fdd96f79b823f","first_seen":"2025-09-21T13:47:45.283292Z","last_seen":"2026-04-05T09:34:36.948255Z","times_seen":1584,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/pixel/sbs?c=1","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: uid_id2=dbf6f2fe-a0ef-4a72-a135-dd105abb7ab0:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25810879=1; slec964f5885584fb9f9ad0858325aa50535=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: 
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7171/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7171/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
13795\r\nserver: cloudflare\r\nlast-modified: Sat, 15 Nov 2025 08:51:38 GMT\r\netag: \"69183f1a-35e3\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d53TeHAMJN5vaIfktyUVlcs1TnowAJWrxg%2BSCHNeGMilGWmMC11%2BYj7E9dNfQGv3JTSOmeEVeRxxaL3JWuSTDFrIpBLosCt%2BQZiOynDhljOf4NU%3D\"}]}\r\ncf-ray: 9a6e23f7ba0e783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13795,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"ce1ecc2405984223b447521125a7c951","sha1":"77d35be5b36e7a969c49e203256086046006c8da","sha256":"ef1939a342dfad1a1fdab206529d482b15401c4924f5db1fa11a64631d90caf7","sha512":"a3df0fc1c36a6e130439032d44b728eaee18da03cd75f61e9b3a0b2b69b8fc9e16a1c4af66df71b18aac4fc927f1ff59a21e25210baf1770bef671c168873326","ssdeep":"384:xQhviZZocspTMsqUdejZuzgBfKI4pQVC32E:xQU4c6TMs4Zu8ZKqVCGE","tlshash":"7852bee2b081a6e27c31e49e0d35ac8bd7e4d6d8d2911e4942f6e25483937e94f1c86f","first_seen":"2025-11-30T23:32:22.197782Z","last_seen":"2025-11-30T23:32:22.197782Z","times_seen":1,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7305/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7305/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11365\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:11:58 GMT\r\netag: \"6929918e-2c65\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zmSvMz1mRrRkWiN8iatDbxXj8K98pTP2ZBGEsG4ekApqA8yT3pByuUbN3yTzf4aPEvpnMHtLXmSgvApmJH85yWcrRKywMLOPvQf8sQtzTC8P%2Fac%3D\"}]}\r\ncf-ray: 9a6e23f7ea96783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11365,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"dc7af4672233a7befee9d0688c0077ae","sha1":"4d8aa61d7b91a5f397e1c2d511a8c0b69b1cb8ac","sha256":"3f8f1ab7d4ac5136faed3dd4e633aea9d59883e68d040f76b56216b7d0029ef5","sha512":"9c24e56e4835a21999226e55b16369678cd5ba7e953d8b68624c3ef1b60601a0eb95eceda4b640fe0138c25d40aae0d6b6d7449d2dd6d33e62e6992a51463b68","ssdeep":"192:x5PzgsiQkoRgNL3Oe4nDmDQDKC9q60iayxuAeWmQhUas/hFEgU5Tsmqx4kpR:x1MtQINL3T4ny0Dp9BgAvU0tAms4aR","tlshash":"fd32c0e6bf7013ec78a948590cf50e29d7f52912a9cd0bc238fb6b8456c4fd14019728","first_seen":"2025-11-30T23:32:22.198635Z","last_seen":"2025-11-30T23:32:22.198635Z","times_seen":1,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/6356/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xy
z","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/6356/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7448\r\nserver: cloudflare\r\nlast-modified: Fri, 22 Aug 2025 09:55:46 GMT\r\netag: \"68a83ea2-1d18\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PxacE1T9PamU3C6JOJ3AuGSL7i8Q4fKw3e0%2Bm%2Bisv3azu%2FAzEwT5tRcyrdnDnVpyAJgrib2LgYvatr23vrNsscJ4nCT3IeXhKfpP2QlBemmI6Sc%3D\"}]}\r\ncf-ray: 9a6e23f7a9dd783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7448,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"4cadd46f00022bc24d0f4128c255cb9f","sha1":"bd6b98a891ef9e92562d40056cf3c58da43765a7","sha256":"4583765f632cb05159ea0be0e9e946fd8f770fea1450fb0e3fb36222de641307","sha512":"6278a61106353138bbff0ceef3edb212b9481ed354a76bb7c5d83e34ccaee7e2ac09381a79544d718af1240c65dd122c1a7f5937227b3d1ff47e6f2b1d532569","ssdeep":"192:x+GEnc+t8OW7Sxa7kqTPfzAH0HDO4JXNw2Y:x+Tx2Sc71KiDvJ9c","tlshash":"dfe1a01c7fe45adf7a7399b7dd332ca6c3f11d42689f2184c5f81230923828595c946d","first_seen":"2025-08-24T13:45:48.553801Z","last_seen":"2025-11-30T23:32:22.19954Z","times_seen":2,"resource_available":false,"data":null}},"time_used":387,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":386,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"meantimesubside.com/87/01/60/87016050c203796a626141828a579ae4.js","fqdn":"meantimesubside.com","domain":"meantimesubside.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"meantimesubside.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Oct 2025 21:14:31 GMT","end":"Sun, 11 Jan 2026 21:14:30 
GMT"},"fingerprint":{"sha1":"23:09:70:98:A3:86:5A:A5:53:D0:05:9D:D9:32:94:6E:43:F6:28:0A","sha256":"C9:7B:8A:F6:9A:C5:A9:0A:11:D6:C7:AA:06:1F:CA:F1:8F:4C:CE:A7:47:0E:C4:F8:06:11:4A:8C:4A:20:A1:7B"}}},"request":{"raw":"GET /87/01/60/87016050c203796a626141828a579ae4.js HTTP/1.1\r\nHost: meantimesubside.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:49 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38121\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: meantimesubside.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: db41a16510ad3f36ab685f841dd25f37\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":106588,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"383e3b346fcf365e50691b1170268034","sha1":"1b349d4a392ee5bbbdcbab3b8c08090430b6611a","sha256":"227db9e18d3b8d041db29720df367c321f24c53d5d5ea105e1d709bad5e0ec50","sha512":"80f66aa668391ea378cdeed7525ac691c6b615b926d7fe2602c19bc6c759944efde4df8da672245a55431bf3d9dbc43f732c40132a1e9a8a93b0a48706cbfdc1","ssdeep":"1536:Ud5VyAcpiczPP6RdHf8741ia98IWRRDtmD:Mcxz36RS/RRDtE","tlshash":"9fa3d8c87f51f47c03d77476223f610af06a9f00659ce598e013ecfa296871be479aa9","first_seen":"2025-11-30T23:32:22.200402Z","last_seen":"2025-11-30T23:32:22.200402Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1027,"timings":{"blocked":380,"dns":171,"connect":92,"send":0,"wait":97,"receive":93,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"meantimesubside.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"meantimesubside.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"meantimesubside.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/6033/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/6033/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10943\r\nserver: cloudflare\r\nlast-modified: Fri, 11 Jul 2025 10:10:29 GMT\r\netag: \"6870e315-2abf\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5242\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UF9wu8wM5x6%2FV747KehUnJ2G8Eb2%2FFWx%2BS0PNpA3UFrXaq82LWYIE3F60A5K4p9Okp8sb3fJo%2BzzUF5sjBh5iTUi9Fyt0M9zMhHGYB%2BjgEm85eY%3D\"}]}\r\ncf-ray: 9a6e23f7a9f7783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":10943,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"aad418eff214535d4826dca99bf22716","sha1":"18c1f7cfe9c3265c5a73da5ad2dca117cca83f94","sha256":"f2a86b4126b08b050369b1f5f2fece5c06d123be938a54619c826f5a839c60d6","sha512":"4aff5e95fa8bd068a72f68b54cdd43354051354aaa7dfd823765b5b630138273f9880ff11c45afb6b462581d6e9f81657fe3082d14a6eac0c573663e491a9530","ssdeep":"192:xa8pnEUEjRPi9AKd3fi8KR45tNRIPt+7KQOU3L7g73hnSGCPEQ9qzv:xa8ppoiPKRutNRCYpOUCUPP+","tlshash":"2632d165b78389e3b46804504aafadc370c009c7105495ea5bef7ee1f1e9a5b367d20e","first_seen":"2025-11-30T23:32:22.201309Z","last_seen":"2025-11-30T23:32:22.201309Z","times_seen":1,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1489\u0026rd=1489\u0026fd=709\u0026bv=25.11.7853\u0026tmpl=70","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1489\u0026rd=1489\u0026fd=709\u0026bv=25.11.7853\u0026tmpl=70 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:50 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: 
Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":726,"timings":{"blocked":315,"dns":27,"connect":96,"send":0,"wait":94,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:49 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7aa334ed8ad2b8ae7d842a04b3a378ee\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-05T10:51:43.056466Z","times_seen":13260,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":68,"dns":1,"connect":17,"send":0,"wait":25,"receive":20,"ssl":49},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/cdn-cgi/rum?","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"POST /cdn-cgi/rum? 
HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 417\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9; _ga_RCPYBL52QP=GS2.1.s1764545510$o1$g0$t1764545510$j60$l0$h0; _ga=GA1.1.518606631.1764545510; dom3ic8zudi28v8lr6fgphwffqoz0j6c=9dd00c19-9acf-459f-9943-74cbed3d20fd%3A2%3A1; pp_main_87016050c203796a626141828a579ae4=1; sb_main_964f5885584fb9f9ad0858325aa50535=1; sb_count_964f5885584fb9f9ad0858325aa50535=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":417,"data":"{\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":1610,\"startTime\":1764545508177,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2024.6.1\",\"timings\":1},\"pageloadId\":\"55042e14-77cb-4818-93c1-db0d65ce8461\",\"location\":\"https://www.empressleak.xyz/\",\"nt\":\"navigate\",\"timingsV2\":{\"nextHopProtocol\":\"h2\",\"transferSize\":15951,\"decodedBodySize\":92351},\"siteToken\":\"cb1d3e9533824baeb374a71ea9cf923a\",\"st\":2}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sun, 30 Nov 2025 23:31:50 GMT\r\ncontent-type: text/plain\r\naccess-control-allow-origin: https://www.empressleak.xyz\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RIGBHHORHdS04SJvlzRAtGPm6Zv4lcXG5ii57NMhj0z5N%2BsJcNOc%2FZ96chZuftuS5hZDSURt3noIHgodkY%2BbMJdb4FE4hfspMI%2BE5amVuPWSFRo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9a6e24001955783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/recaptcha.gif","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":44
3,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/recaptcha.gif HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: image/gif\r\ncontent-length: 65140\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:56:01 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68b97041-fe74\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 3437679\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A2UsM4V3K%2BM8SuQ8HsEZs2hqvNF%2BMN%2FezpFUNzWCc5N2I4PT2BFMYQ7KjI%2B3j8CFc69aqnEYsJb%2F%2FxzS5IVxc%2FjX0Yfj0t5XGFtWyLRfZ4s%3D\"}]}\r\ncf-ray: 9a6e2403f8b13181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65140,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 616 x 164","md5":"a83efb86bdb5d741f6103b69d6979035","sha1":"c944477b467f4aee49b4c86f3622a3519679667c","sha256":"e62a51a868623e3d04ac6c1bf28c3d34dd1e7008b9d62753963b2e2272971774","sha512":"9638afd8bfa476d24261a76a49c0e6df11c39db07cc357025f40660a3140499f234956a6971fce1ef0b61f74edba0f39e54a9a75e81adcbe423415f93dd23709","ssdeep":"1536:pcrveQZWvRPMwQUWJicq8ILNUcB4nReNsnrIfOPBVeD:Orve+WUJohC0fO5QD","tlshash":"4853ce1fc2181eeafc3bcbb6520b8d160a415b751c54c613e6b9f1c5382c5de2b15bae","first_seen":"2024-10-23T13:11:53.403324Z","last_seen":"2026-04-05T09:34:37.031429Z","times_seen":1661,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":4,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/categories/video/11.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/categories/video/11.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23507\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:03:31 GMT\r\netag: \"67e44173-5bd3\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AfHERlX139plm%2FepdAPDumxK432Twa9t2yhtmON0V9whneKcB%2FwZlbkdfdryX6zXNpX7wCur%2F%2BcK4U6gDXeRMDTHcRfMFScOaKr49AFoxXyhIOM%3D\"}]}\r\ncf-ray: 9a6e23f77997783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":23507,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"91160ec19f6e4be3e963ca67210a6e02","sha1":"728c64f716e395c0eb717dc88416e95b9290279a","sha256":"52b787993693431ab68f8f6bfe379c32fd7555da8d74ad63a82740fbfa66eb56","sha512":"2a28061b9e40b701fcd65b869f87ff12dccb3b7be103a4a5a690c6f422074f32b5905fc774f5a9193d748728d80e577526dce20bbc7d23592f398ae102eb754a","ssdeep":"384:5V7+bpOyGeh9RrnJfghUgcaaug3QiDdnOEeHhWMKikjE+hd14DyOyljl2iLQT:5VU7Geh9RDeqduEZReUMKikjpfD1/tc","tlshash":"12b2d0796752ebac6e92d39ca2786caf47e9cb846005504c69d051e5cc749faf107320","first_seen":"2025-05-26T17:14:10.970117Z","last_seen":"2026-01-10T19:43:01.852683Z","times_seen":6,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:50 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: 
sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1ccce2b4db8440500d52812b0932a3ee\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line 
terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":705,"timings":{"blocked":304,"dns":26,"connect":92,"send":0,"wait":94,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 07 Oct 2025 19:32:14 GMT","end":"Mon, 05 Jan 2026 20:30:46 
GMT"},"fingerprint":{"sha1":"02:4D:4C:CB:35:45:05:40:6A:81:62:94:06:BD:74:E7:1B:85:B3:88","sha256":"A9:CB:1B:A1:E6:6B:1A:38:34:FA:32:44:4D:30:70:4C:4A:47:12:A4:D1:32:A5:2D:BD:A7:0C:EA:39:FF:C8:D9"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:50 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zqhK%2FD%2Bti31Q7Bge9ljouQQuh4mWyZifX4lw%2BaCB%2FnOqDsKD6nU1QlBPojHgB7KJPUBdmmo3mD%2FznSRiMzQWaUISbHuPE0aDnluv2zYlhgX1woGXiOU%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a6e24020e06120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":1524,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"9dc0a25dabbe4de856fe02152e69ab75","sha1":"d8a184a181424a51a758b262927e6c0aba7b2b15","sha256":"8c71a26417b0ad5884462cf96135d8aaf1012b9ead37bdf5b505e51dcfd3d173","sha512":"c28042db79a340dea9f66b3c4ed465fa38ea7b152549cd518ee00415109f70eb28602dee1fd4ca9b8ce4810354fe7fc7bfa1ec271cb8cfbe59c2efc58a0de182","ssdeep":"","tlshash":"a231495529fccb26118361e63f702f7ba984e943895b8440b2bd4a908be7ec5cd5720b","first_seen":"2025-09-21T13:47:45.272345Z","last_seen":"2026-04-05T09:34:36.988452Z","times_seen":1695,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":23,"dns":4,"connect":1,"send":0,"wait":119,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/87/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organi
zation":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/87/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5826\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:06:05 GMT\r\netag: \"67e4420d-16c2\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h5CONDE4EFyaLDeyivM6QI1Y%2FKcVu3LO9NuhN09nhRCI6npu295K4EgFnF3l4uge8jP1XmlcCd7ieWwH1Lfhhqz7MUZAr2HVEdmcx66cb4kDoy0%3D\"}]}\r\ncf-ray: 9a6e23f7798b783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5826,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 256x144, components 3","md5":"b8c10e42b64a2acca491921255d51160","sha1":"6439f7d100afa3a24bfc64faa4a116aa80443ef2","sha256":"1654902778263c408a88eae227f1acb727f23bf6456e9bbff77344473458b717","sha512":"1019821b41ad7bded089713e674bf5b7cf252e9280a2eddd6456fceae563ea631938773ea9af68fa53d6eda0ef4b2a9f008d0e707c4445c832c5a0842b8258f3","ssdeep":"96:wEaqZ8K4h60FJXfWSvNgAhCV3b1oTNCK1svRIPrVcy70f:wZqCjhlX+WLiQQosvRI6f","tlshash":"76c18e2913a862d3fe2b817d2d21dc04e5cfa4c4aa544adddbdb8a10d971651c49d08e","first_seen":"2025-05-26T17:14:10.992661Z","last_seen":"2026-01-10T19:43:01.832368Z","times_seen":6,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7319/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.
21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7319/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18324\r\nserver: cloudflare\r\nlast-modified: Sat, 29 Nov 2025 01:06:53 GMT\r\netag: \"692a472d-4794\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L9pXjNz4nBLxzVwWTs79ZfR2NP8Y44uFjp8oRfdkSjSALZic0qt0OlPOSRigY97JNWmER5mptsjZwV%2FrHTQIO7Rs0pYr7VMSMQbizfU3NAtNZFA%3D\"}]}\r\ncf-ray: 9a6e23f7ca3e783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":18324,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"eae71ef38f24cd839f2101200ac2b639","sha1":"f9f34fd81bacf6cdfefd6a6697961579be9f2599","sha256":"c57ce636b82640cd78f01128a384418a84b58a09c430f61cff4b039b71094e7b","sha512":"1dee699b5683b15f39dbcfb54ebed98847f9146072cb530f8dc2071f8be5cdedeac58e81d59c0ed9f1c6ef668e081fcc471e83c499e7837261395e96dfcc7a9e","ssdeep":"384:xZhqTYTfOh6HNoTc4c35hsnY6x0GbDG3PHRi21rlJaDrA0A4n/zfu:xuTYChj44cph1R3PxFrlJaPA0t/zfu","tlshash":"1e82cf77378df0e0b89b04b82ef1583946aae3f319a81d282edd86935821574939570f","first_seen":"2025-11-30T23:32:22.203823Z","last_seen":"2025-11-30T23:32:22.203823Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7318/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7318/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9977\r\nserver: cloudflare\r\nlast-modified: Sat, 29 Nov 2025 00:59:25 GMT\r\netag: \"692a456d-26f9\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AT6ZXVeENyg7xuBrIeUMk0KoCp%2BQqn2IfkoqfpqXHa8zGp0I30m6Kcqarr1DzsW%2FCQWbaExI%2FXSKPl%2BT8uc0tm5aHx3Bw5nFEQ2AE4J7O3AC%2BI4%3D\"}]}\r\ncf-ray: 9a6e23f7ca3f783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9977,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"7199055381b6fe90827309c579adcff0","sha1":"c2b0ea995df78624bda474ee319e38b6ead15dd7","sha256":"77e14e5a060bab49acdf0e3baa7dcbdae2d1b239fea495f0f51aa97cc4026983","sha512":"de6933cf27f8a96ed313de16cb0aaa9d728950807b5cfcb456edc78a58e020d885ae9fa61131e22c13869899f68782e22b031da3217fa6580428d8e1626d7d0f","ssdeep":"192:xvmpSOAEcAEYBHWM/OFcyLuQoCoTmp2moQQ/Ue52NiY4OwWcqCWQ:xvmPHcTMHWxFNLuO2/Ue5kiOw/j","tlshash":"5022bf21b60216f07811c557bb212c9a95fb084cf7af2a3db6f634f450e5afed210b86","first_seen":"2025-11-30T23:32:22.204654Z","last_seen":"2025-11-30T23:32:22.204654Z","times_seen":1,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip"
:{"addr":"18.159.69.184","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://www.empressleak.xyz\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; expires=Wed, 28 Nov 2035 23:31:49 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"9642c5af79ff2f251f052beca4b5bb34","sha1":"eb91149f601afdc4cf27171249ac4ea6adb88fc7","sha256":"269ed94a328a442d65baf90172137656682020a6fab7b923566bee606bd944ff","sha512":"45f7561eb9bb7565bcddf10a75eabb740093f024fed10bdc9675265ff18f8d65eb149fdfc67ca80943e6b3d8409b6f4e9b3f75508c25aede3af2828a34ea80ee","ssdeep":"","tlshash":"fc90043c501403c03505f414553d0dc41c57d45545f550d75411d1130103515530000d","first_seen":"2025-11-30T23:32:22.205926Z","last_seen":"2025-11-30T23:32:22.205926Z","times_seen":1,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":153,"dns":11,"connect":36,"send":0,"wait":22,"receive":0,"ssl":102},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.159.69.184","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: 
protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://www.empressleak.xyz\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=dbf6f2fe-a0ef-4a72-a135-dd105abb7ab0:1:1; expires=Wed, 28 Nov 2035 23:31:49 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"092832c40c8e6b558bf3b742eb4b4e1c","sha1":"b24bb28313e28fecf07978901b2c56fad73c5aa7","sha256":"f27f5000d71eceda3ee4fbdd62d5302569f3e9438148d6fe32c18f88e17b013d","sha512":"89f23e5309e9a7c284fb12c921ad662f7412a693191652821a20688a494050374e61889c53aef096455e26f7bf2578a5a123a6b0fd581f636c8a198d54db3449","ssdeep":"","tlshash":"e2900454503c5370c4cf705f005001d1054c00dd0c5075445033f0d154d04001d35c04","first_seen":"2025-11-30T23:32:22.20678Z","last_seen":"2025-11-30T23:32:22.20678Z","times_seen":1,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":2,"connect":36,"send":0,"wait":22,"receive":0,"ssl":109},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/templates/frontend/dark-blue/css/easy-autocomplete.themes.min.css","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /templates/frontend/dark-blue/css/easy-autocomplete.themes.min.css HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Jan 2020 20:34:52 GMT\r\netag: \"5e27606c-149d\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nage: 5455\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u97CyVGS%2BMFwINbr0G9h5s%2FQGVnJTCxLLxR7DJyozryR1DcYdyMPGhjkeFo9d9jgCEtbmiuRTxfMw%2FpBsmh4x0Mcl9epyop1LrOn3TZkKNjFfYc%3D\"}]}\r\ncf-ray: 9a6e23f75933783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5277,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (5033), with CRLF line terminators","md5":"d6a18c0e8baf7869769c1d0bcfd10f47","sha1":"917b31e6e7d59e7271ffdbddeff932da9f83296d","sha256":"90af4122756f40dd0f42ebb25bd557d88dbf2b88df12d5857ff767ca2d82d2d4","sha512":"e442b03abfa7f159970d87c4fc439b9ab1bd8e66018ff735651083696bc7324bfaa88b04eb4b2b9ac843f2d1e9afd0bb428e275f2034922db64aab4bc9ce0f47","ssdeep":"48:J3Dq/f9RoG42nDK1O5b2AS+RRMGTbjtq9JOiN3E3Is6HFTFs8vF/FW3/F1vFeZFQ:w/fzoWmLNy2hs29WNfeLIZqmmU","tlshash":"a7b16a27221b941737bbf57bf6c228e79ce8c9d462570e94f492e06188ca6271c1f6d2","first_seen":"2023-04-07T23:53:18Z","last_seen":"2026-04-04T21:34:36.052413Z","times_seen":204,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:50 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0ec5d5b8631bc4b63fd2020a6d20dac6\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-05T10:51:43.056466Z","times_seen":13260,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare 
DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: 
https://www.empressleak.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 13:25:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9935a-18f3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rA15mGHu4%2Bn%2BQJ3HYkSEHWu%2FOF8xCE%2BrpFp0QeU7MeQfioPevMylicPih%2BZTjFNqrlc2bJWo8BrCGK006ie%2FdC7G20tZiRbR%2BwkK%2BqWentk%3D\"}]}\r\ncf-ray: 9a6e24039faf3181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6387,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"20b72d2b5d691275f5e1f201c54208eb","sha1":"a8082db410892a8b50274eeb812fe58c04e5e407","sha256":"476950bbfeccfbd5ad93c5ad69d5192e62e9eb9e3e03dfc2447c98c7bb5634e6","sha512":"5702a11b753960144f8debcbbff5ad272f00543b6b8bd71a440fb28945bf4d81bd75cc1a08fa531e10efe8aa8dbcb6305dc882e12b8854ccb6f88b62dbeb934d","ssdeep":"96:1zlzMUmWCfICX6zXXgCfUKOtAYiY5mnM0pfiUpznL4OHBCHL+OCBhEkuCo1cCJ0v:LMZnincKOyXnMsIM0M9X4U4H4vFEa","tlshash":"ebd130a617650204740bd8563d126f17a3688053ef0fd9b86ed2244cceca6ce56f378f","first_seen":"2025-09-21T13:47:45.281723Z","last_seen":"2026-04-05T09:34:37.052777Z","times_seen":1621,"resource_available":false,"data":null}},"time_used":618,"timings":{"blocked":59,"dns":24,"connect":1,"send":0,"wait":498,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 
GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: br\r\nage: 3274541\r\ncf-cache-status: HIT\r\netag: W/\"675af4e6-4ff\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HfLmrwbMcPyLXzg%2BBpMZf8tWJW9JVD1Rh8%2BAChYrWPnuugXTGYVaxm5QPZfqwWSbxQK2upDnR6SQ0sjOJ%2FQBMGKoXMbWL7UCEV7H5ikp\"}]}\r\ncf-ray: 9a6e2407ec975699-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics 
image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-05T10:20:01.401822Z","times_seen":8764,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 31747\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\npriority: u=4,i=?0\r\netag: \"675af4e6-7c03\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, 
max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 5008602\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ERqV4CFBpJv%2BtIqfT%2BsUEEpGKhYp7YKZRL%2BS1eos0a7j4jU%2BDWMH0Ic11EZPFPhWnKeFPJxphAUhMpOkJ66JEIfOwV1FleBzHpsWwqb5\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9a6e2407fc985699-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced","md5":"8b80e5aaebd2987d46dd0382da97fdc1","sha1":"bccdfd974f19600eac67f10c43a8d3cd92188aff","sha256":"41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05","sha512":"dbc5a79c4e6b8cc0c1a2a20e857a399e84ff155ce6f68a6de65af23c20d57d7075bf93ba40748fa39942ce84001da19cf5dbd22ab2ab5b4bc3df63d220741e88","ssdeep":"768:oUUUUU2mxm90tQeKC4/cDQ+dexqKogEmXoYIQSR/Fiwecp8wwwwwwwwU:oUUUUU2J+s/cDx73jlp/E7+h","tlshash":"b2e2ae13c4d932371c5a9ded9b6b2b847aa225e320401f7bcf1e1078248b4b5fd27d9a","first_seen":"2025-07-04T18:28:09.276271Z","last_seen":"2026-04-05T09:34:37.03686Z","times_seen":3131,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare 
DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"use.fontawesome.com/releases/v5.7.2/css/all.css","fqdn":"use.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.67.142.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"use.fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Oct 2025 03:19:03 GMT","end":"Mon, 26 Jan 2026 04:18:56 GMT"},"fingerprint":{"sha1":"33:ED:5B:34:BA:AF:AF:80:58:92:84:39:09:81:C2:1C:F2:7B:1C:61","sha256":"F2:60:62:61:00:2F:5B:44:3D:71:67:60:E5:36:87:F9:BF:1E:D6:39:B2:E1:C2:20:E4:11:6C:79:74:03:6F:DD"}}},"request":{"raw":"GET /releases/v5.7.2/css/all.css HTTP/1.1\r\nHost: use.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; 
Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.empressleak.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: text/css\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NnBa9SXnut1CFQlKFqxqrLji2C69qhX5ppUrIvuYicia1Wl8xNrEaionssXPqR2AyUHJkkZsXLTzqpE%2FmCJig%2BYF3E8H98FLow1oRv2S4D50\"}]}\r\ncf-cache-status: HIT\r\nage: 174670\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31556926\r\nserver: cloudflare\r\nlast-modified: Fri, 22 Sep 2023 01:45:51 GMT\r\nvary: Origin, Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"7b1d7f457d056ace7b230b587b9f3753\"\r\ncontent-encoding: br\r\ncf-ray: 9a6e23f85f587129-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54456,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (54456), with no line 
terminators","md5":"7b1d7f457d056ace7b230b587b9f3753","sha1":"4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b","sha256":"9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf","sha512":"dccd340ffae7f27fb66555c13bd1e26f418a369926f0c49453f7b654db610f2058c4a586f817ed35861cb848d7972ad23badfbb627733015df13bb109b420d52","ssdeep":"768:6V31Uz1RPq4NvvU63HJYkQCZ/WMQyjJKp7CzsGnQzU:6czrC4NnzHSBCkgu7cs1w","tlshash":"e8330bb8e54c41d9a732c04fbf82b2bc61b6f73ce5910d95f00e691c2ad26a811c9f79","first_seen":"2023-04-05T14:01:20Z","last_seen":"2026-04-05T10:22:42.800784Z","times_seen":12573,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":92,"dns":116,"connect":2,"send":0,"wait":7,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7321/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7321/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19956\r\nserver: cloudflare\r\nlast-modified: Sat, 29 Nov 2025 01:12:19 GMT\r\netag: \"692a4873-4df4\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lfSMo%2F0tTPIoaBUZvFWd3xt00jnZtzXs%2B%2FYx4yMzrZqtdflTWMtiG251YR2yqojD7kDujjVw3aivO0Dcrc5t3uHCImPap9qGVbsG%2BeUMoLNLGZc%3D\"}]}\r\ncf-ray: 9a6e23f7ba39783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19956,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"21d4d75bbec851251d818f636bd25551","sha1":"195f82b347dfd792adc1aab42dea0df3a9914ae0","sha256":"f386c8b5711e9586f99e9b785e30392325d62b86f9aa6657b13c6348c2b9a28f","sha512":"2e8011485d1061c4279ce92d2de2f7d43cf8d447a25fecf6111e9b9297197b170e688a83ca5256251a94e7ddf38bd4ba451fbcf54ebac3ee4ea1d1deb6d443de","ssdeep":"384:xiGby5YnDi1UGHgK7lafxhdeWGVbXE9Jer6UN3Y+YQszJJGKNpGZvtBd8G3TBz/8:xiG2wQHgK7EdzG++3No+HszJNpk1wGDS","tlshash":"c292d01b67d741e0f85756e7e2a3fcb292cda104868ca32703d544bdab6d5f0a29dcd0","first_seen":"2025-11-30T23:32:22.20844Z","last_seen":"2025-11-30T23:32:22.20844Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/images/favicons/android-icon-192x192.png","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x2
5519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /images/favicons/android-icon-192x192.png HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9; _ga_RCPYBL52QP=GS2.1.s1764545510$o1$g0$t1764545510$j60$l0$h0; _ga=GA1.1.518606631.1764545510; dom3ic8zudi28v8lr6fgphwffqoz0j6c=9dd00c19-9acf-459f-9943-74cbed3d20fd%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 33551\r\nserver: cloudflare\r\nlast-modified: Wed, 26 Mar 2025 18:41:43 GMT\r\netag: \"67e44a67-830f\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZEXQlj51Y6eCFTT3kmDc7B5Sin4y7eco3%2FihOmnoO6L4jYSayG3o8Vb%2FT0VkkrqS31JQnaJDNYpbz5AzulkmjcJzAl83No3Pn3bBdhZ6NBCZ4%2FE%3D\"}]}\r\ncf-ray: 9a6e23ff2f6a783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33551,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, 
non-interlaced","md5":"71f75b6edd4aad70c51a4003a579d76d","sha1":"3e17da283e5381bfc04e623c25647a3024413a92","sha256":"c6e0d50cd74e0b0ffed9d2f2adc55bfa8a338aef94ee2d4d7e8c8e5b385f33b2","sha512":"317b9612bd4b44c689095228e3fb3b1c06106183478593b0dad1049998c4ed99a2e9a360bc39e65caebc8dcd2c1393af2755075b8bbfe6ce1c8125487872eb93","ssdeep":"768:cBXjjA8dq8BSkTJNCjAUN3DZLBdU2205UwodsxLo/aJK:cBXj1d9skTJN07dJro7V","tlshash":"33e2e1abc7b2198b89ed672b9fd14c05fcdd0401b4688d3c547dee82a5f24487ec4ad2","first_seen":"2025-05-26T17:14:11.024994Z","last_seen":"2026-01-10T19:43:01.82132Z","times_seen":6,"resource_available":false,"data":null}},"time_used":389,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":387,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=9dd00c19-9acf-459f-9943-74cbed3d20fd\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=87016050c203796a626141828a579ae4\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:50.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=9dd00c19-9acf-459f-9943-74cbed3d20fd\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=87016050c203796a626141828a579ae4\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:51 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: 
*\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4630f1796313ea3f59b5df01fc39d04f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":865,"timings":{"blocked":385,"dns":101,"connect":95,"send":0,"wait":93,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbs?c=1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:52.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: uid_id2=9dd00c19-9acf-459f-9943-74cbed3d20fd:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971162=1; slecc0357ce07e8d73dab31372a114d5762a=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 30 Nov 2025 23:31:52 GMT\r\nContent-Length: 
0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7313/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 
GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7313/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7577\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:39:14 GMT\r\netag: \"692997f2-1d99\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9A5ijZvQv61V8haQB8Aa65YuHcyNjHmAbFio42HqVTfVsnRqhTllx3%2FusPzzVMgUOrXkfOx3%2FkpE7zHEm%2F7lNyF5jRV0QIMwHVdTNSwmW%2B07qt8%3D\"}]}\r\ncf-ray: 9a6e23f7ca4d783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service 
providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7577,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 3","md5":"a4f750b402836ccb67505f2ec42459ca","sha1":"19ba7ed7617b1e5d203d7d12aac14b07d2df1aa8","sha256":"019f3f398a89c02bcbcaa3b1f79d5b2aaa66ccbccfed6a725344b8e445597d62","sha512":"440d33657f82af1fa2e22762297eef9afb2c19e901b4e9fe748d123124fa3025d26dbcb4da74d819281d55f42fbf3b6ed2b3ef7f84635c47095c08d88dd1fde7","ssdeep":"192:xoR7+AjNmtpMbZHKDIK8BQN6oIpk94l+Ud:xoRrjAtpUqUv/+Ud","tlshash":"6ef17d92651302d0fd57f4387523ef90aaf58d5722e40b0babe913a9828bdd414ad1bc","first_seen":"2025-11-30T23:32:22.209832Z","last_seen":"2025-11-30T23:32:22.209832Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.empressleak.xyz/media/videos/tmb/7308/1.jpg","fqdn":"www.empressleak.xyz","domain":"empressleak.xyz","tld":"xyz"},"ip":{"addr":"104.21.79.2
7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:49.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"empressleak.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Oct 2025 19:45:10 GMT","end":"Sun, 18 Jan 2026 20:41:27 GMT"},"fingerprint":{"sha1":"ED:D0:CF:9F:52:95:9B:6C:B9:57:6A:7C:C9:C8:17:40:71:B3:3A:00","sha256":"F9:1F:5E:94:7A:3B:B8:5C:F5:11:10:5A:64:39:A3:DD:9F:B9:E6:AA:D3:65:43:AD:6B:EF:7C:14:F2:37:9D:41"}}},"request":{"raw":"GET /media/videos/tmb/7308/1.jpg HTTP/1.1\r\nHost: www.empressleak.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.empressleak.xyz/\r\nCookie: AVS=ij9mi6tavatckfatitur00oht9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 23:31:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9049\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 12:24:12 GMT\r\netag: \"6929946c-2359\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 7005\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UTlRq7VtcixAjHCXAlvz1U%2Biwq15SZjsqGFcQkXllg%2B1%2Bl8UG7Lahg76V7JWZ227bLKobqCQqeTUQHnDmqOXSxR%2B4QVfNh8%2Bg1UsxBTZ9gNEA%2F8%3D\"}]}\r\ncf-ray: 9a6e23f7da70783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9049,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 384x216, components 
3","md5":"65726b4e4dd6a338d4f57126d22c54fc","sha1":"d7eb953e7176ee03ee9eea90b33336cccce97861","sha256":"7697a456a6483b6ef5038bc7f6f26ad284a9c3af80a6dfba6d21a39c54a5072d","sha512":"c258e66a858eecb4aeb72494b08b8f88801ede6a61ecec1facb8f4835654e7080c8609ae6fe1a184461ec32f52961b405e22caa906e46c18d943bf20a6df07e0","ssdeep":"192:xLfwvtc7+xiQXlibzod8bCoz3H3YCBN+rb/C/6+0PdaWVLepS21Y:xL41caY+WzXbCokCBSb/C/GPdaWv1","tlshash":"b012bf799b7964ebfc42bd11eca18d4591ff5f2302c9dd0242e8f0f8ca14b50999426e","first_seen":"2025-11-30T23:32:22.211793Z","last_seen":"2025-11-30T23:32:22.211793Z","times_seen":1,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"www.empressleak.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.empressleak.xyz/","date":"2025-11-30T23:31:51.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 
GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 30 Nov 2025 23:31:51 GMT\r\ndate: Sun, 30 Nov 2025 23:31:51 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-02-19T22:23:13.628811Z","times_seen":6025,"resource_available":false,"data":null}},"time_used":342,"timings":{"blocked":158,"dns":5,"connect":20,"send":0,"wait":34,"receive":0,"ssl":122},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
