{"report_id":"0b174e3e-364e-49f2-816b-d49615d788e7","version":6,"status":"done","tags":[],"date":"2025-12-20T12:42:10Z","url":{"schema":"http","addr":"lefados.xyz","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":0,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"example.com/","fqdn":"example.com","domain":"example.com","tld":"com"},"title":"Example Domain","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"lefados.xyz","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":0,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-24T12:42:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":7}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"acscdn.com","ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-05-05","domain_rank":18769,"first_seen":"2020-05-06T08:07:13Z","last_seen":"2025-12-16T07:22:19.041437Z","alert_count":3,"request_count":3,"received_data":272049,"sent_data":1234,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"usrpubtrk.com","ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-16","domain_rank":6824,"first_seen":"2025-06-17T13:34:00.105327Z","last_seen":"2025-12-17T19:44:19.819274Z","alert_count":5,"request_count":1,"received_data":528,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn5-images.motherlessmedia.com","ip":{"addr":"185.107.92.224","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2008-10-11","domain_rank":886479,"first_seen":"2018-12-27T22:21:35Z","last_seen":"2025-12-15T18:56:05.800853Z","alert_count":0,"request_count":1,"received_data":156671,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"adexchangeclear.com","ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-27","domain_rank":24943,"first_seen":"2025-07-16T08:40:02.47428Z","last_seen":"2025-12-16T00:43:57.602131Z","alert_count":2,"request_count":2,"received_data":2509,"sent_data":1478,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"lefados.xyz","ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"domain_registered":"2024-09-20","domain_rank":2043398,"first_seen":"2025-05-19T18:39:16.069206Z","last_seen":"2025-12-20T12:40:18.495949Z","alert_count":0,"request_count":4,"received_data":33259,"sent_data":1780,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn5-thumbs.motherlessmedia.com","ip":{"addr":"185.107.92.224","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2008-10-11","domain_rank":905009,"first_seen":"2018-12-23T05:30:23Z","last_seen":"2025-12-17T14:53:12.221165Z","alert_count":0,"request_count":1,"received_data":7155,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"lefados.xyz/rect.js","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b9acbcf5e6e19699246d62e25fe9d4dd","sha1":"59d4d99d0509fe22a2ba9da7bbde3b09ee1797d7","sha256":"f6f6fd3844a62bd23e714095b96d6a5a9ce75722c25f2ee103264ef40dbf2352","sha512":"674e7ff38453b3583147dbecbce7c5393373463061895f5dfcb6011cab41c3c5bd07da40498c75e10a23294816aa6c5610f4ec5e2c113856597b75f5833a3919","ssdeep":"","tlshash":"2e019c9e24e11c788e6331bc8eff713c5036298754574a12751d4d862fb130ec689d48","size":766,"data":"","first_seen":"2025-12-20T12:40:21.524387Z","last_seen":"2025-12-20T12:42:13.635572Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lefados.xyz/rums.js","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8152432c915271c18e13c9c8e421348f","sha1":"0d602ed659308bca7c3b70867848dc8a2bc097f9","sha256":"91639b0366a8e73ce52bf08854906bff55ee58a6855257fa6bce393ad58f09b3","sha512":"f0940f9af4b15564f638079358d81e1114e6a897cf15308a255b98d8e59223b902e014989f355f6dfe5f95fcffd2c0576fe596c8a004adf6ff032670b6eb525e","ssdeep":"","tlshash":"ba51522564a5502f6237135aaf7ecb9db6327c01714bac39c22d52f13490c53db4ecba","size":2674,"data":"","first_seen":"2025-10-25T19:34:56.329143Z","last_seen":"2026-01-03T12:00:08.420639Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"48250370347c7f2d054321e03c8e394f","sha1":"dce1356dc4ee7b2b650fc3b2fa5c75e2de60c840","sha256":"e3fd6b9ca5d9b8d65c6330aa94f08f24cd2b59e1834cd7c960ea6ea3417acf52","sha512":"37527c5fc8159f26120d652f8477a70703eb6fb1f30126ceb66f9a58e05ddc365a1cb34b82b5bdcb24b694036bfe2a7c3052a50d883b956cccf2e167a7188ae7","ssdeep":"3072:ZcmbG7ee6cW7n8GrMN1HDxlfm1VeDbclbsZpyQ:y/FW78GrufmyclbsZpyQ","tlshash":"f4f395083a9455037b4b6fbb271774e5e9062c4ab894099eb254bc74e2836b3fff1136","size":171200,"data":"","first_seen":"2025-12-17T14:33:37.34138Z","last_seen":"2026-01-13T14:12:13.867658Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lefados.xyz/","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6c84956f4aa5d6847744a6ba2c43d96f","sha1":"c1214a3f64189b0972c50281a8e6d6ec94ce3c3d","sha256":"4e44f6855e84defb598ce0b690b66d558700646ec68300f645c50996d1d7357e","sha512":"02a2296c7c4c8b338c6c13e1f82e23bf255308857eaefcda1eac65e95b311300cebacbac34478ac03a26ee4402380c6b2d26a89983f404da5c81c337c8170cb4","ssdeep":"","tlshash":"7fa0243f0154441450d1140c047d4f1d00cc11070c403dd5374c411d0f0c0cf073140c","size":82,"data":"","first_seen":"2025-10-16T23:21:33.540096Z","last_seen":"2026-01-02T07:04:01.56738Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lefados.xyz/","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"df9390001e9c5b27d8f7fcf261d4280e","sha1":"87c29b783dfab5a90727a9de2d7161df5f0521cd","sha256":"bd73584d190a5032f103b0310212ece4c23b5bcfbf7cf1e6cc21b5c66a642673","sha512":"bd85ce7677bd5356c5f4c93b7c1ee996e99452d6dab83af291d9734dcacbd592aeaae21e3b82b212ca840834b2bffbf0f4a5e6f706a2708beb62ec23fef7699b","ssdeep":"","tlshash":"15d0122bed648c38432622d2bee66cd07ca550fd15db5c88920e78d02fc94da6b54f62","size":199,"data":"","first_seen":"2025-12-20T12:42:13.641313Z","last_seen":"2025-12-20T12:42:13.641313Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/inpagepush.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e7f0db26eb055502a3c717fa22faf536","sha1":"b965b83fc70e9098f6220f3896069100044e8b08","sha256":"d292485d1173d3ff605da3b3bec11c71156112a984eb891cceaebe215fa2f541","sha512":"fe6d5d4b0fa356ff2dd7b9a4c08163b25eb644abddc7cffe09e7a5112462b471a903f92e4aeaa920a6f0ce98b2bf54326cef6edb1e188e144e79107108961ca0","ssdeep":"768:a+bOIVSpFggvVZm5B1kp7yu1MOWCiXY26l708UzUSU7w0GRakGqq2UFAoZ3NMpBf:rOIVSp1GawV8kXHUFAoZ3NMpBinKHfVn","tlshash":"5b136f453e40c6573309cabfb533b8d4e3c60a6ab425169bab04bc8465c1a77faf6473","size":41812,"data":"","first_seen":"2025-12-17T19:33:45.31756Z","last_seen":"2026-01-13T12:29:41.97411Z","times_seen":97,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9a3d5aa49ebce13a6399e703a116ec9b","sha1":"a52991635eddd4f54da92d657a36af619b88ef47","sha256":"8924f212e1f3553244a9eb9e01a0cf05c585ea75ecf60002b0785b69553d0fcd","sha512":"ff21d8769d8397a2998058840da6e4e78672c7e489443077ef1341f0d50a1a9799e31d98ab2b763f3400d43da6d7fcaacfec56ea675639b1df375c92f6ed6953","ssdeep":"768:7Oa8VJZShPhDL2i1Ox0O2o1wFfLen1xje/EO6BEAi7y1qIV7qp258aeraeq0CmvK:aa89aDfO6lenZ0CmgPTueNWjk","tlshash":"d64385553e80461733098ebb3a13f8e6e858387a6489459ef608bd487287177f6fc772","size":56337,"data":"","first_seen":"2025-12-17T14:33:37.346036Z","last_seen":"2026-01-13T14:12:13.861788Z","times_seen":342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdn5-images.motherlessmedia.com/images/983C119.jpg","fqdn":"cdn5-images.motherlessmedia.com","domain":"motherlessmedia.com","tld":"com"},"ip":{"addr":"185.107.92.224","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:48.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.motherlessmedia.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV SSL CA 2","organization":"GoGetSSL"},"validity":{"start":"Mon, 03 Nov 2025 00:00:00 GMT","end":"Tue, 22 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1C:9C:A7:64:1D:50:C4:66:FC:B5:AE:9C:CB:DF:AC:1E:1F:4B:A0:83","sha256":"FD:6F:CF:79:47:AA:EF:54:72:2A:60:E2:1B:57:6B:D6:33:60:E2:67:DA:83:68:95:02:34:5B:66:53:45:A1:0E"}}},"request":{"raw":"GET /images/983C119.jpg HTTP/1.1\r\nHost: cdn5-images.motherlessmedia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lefados.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: openresty/1.21.4.1\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 156394\r\nvary: x-s-token\r\nlast-modified: Sat, 29 Sep 2018 20:43:14 GMT\r\netag: \"262ea-577089ef7ec05\"\r\nx-cache: HIT\r\nx-whom: cdn06\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":156394,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1008x628, components 3","md5":"44ceddcb76bb6fe6d3dde15c4e866a42","sha1":"4f48a110774a5aa5fd9f130ba44c29bf32bb3e8a","sha256":"e6cf504f4a2ec2316a8051c34f57cd15ca3adc47f259772a4d75596d99316703","sha512":"9f1693dae3d4c3abc5ed5711f0ace770eec040d942b68a7f2caae7d316adeda1603733828142b796bbef6d3360ab46a0a35e569b40ed99777f80a5f66e1a4faa","ssdeep":"3072:B31IFZQhv+9ok9IG+6c87sBxwx+8GE4+sbD0P5/17VzkMKbxrruBS5iQK:B31IFZQhv+9ocTc8YBxex4+sbc5lAbxI","tlshash":"90e323045800788533db8ed3ffd42c970bd59a3578abbaf382f969c9b096638181968c","first_seen":"2025-12-20T12:40:21.515019Z","last_seen":"2025-12-20T12:42:13.631399Z","times_seen":2,"resource_available":false,"data":null}},"time_used":318,"timings":{"blocked":120,"dns":1,"connect":19,"send":0,"wait":20,"receive":56,"ssl":99},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/push.php?r=10445558\u0026ipp=1\u0026mads=2\u0026position=top\u0026srs=f20b4843c1662648f879ee22d9684904\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026cbpage=https%3A%2F%2Flefados.xyz%2F\u0026atv=74.0\u0026cbref=\u0026btp=0.01","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:49.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 23:08:46 GMT","end":"Sat, 07 Mar 2026 00:07:30 GMT"},"fingerprint":{"sha1":"D5:B9:71:11:A1:C5:BD:EA:60:68:49:87:01:4B:0B:CB:81:8B:FA:6C","sha256":"66:19:A7:E1:FD:B7:41:C7:AE:CB:33:20:81:70:04:52:48:C8:D0:0E:66:96:B3:F7:FE:B5:FC:10:FE:48:0A:44"}}},"request":{"raw":"GET /script/push.php?r=10445558\u0026ipp=1\u0026mads=2\u0026position=top\u0026srs=f20b4843c1662648f879ee22d9684904\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026cbpage=https%3A%2F%2Flefados.xyz%2F\u0026atv=74.0\u0026cbref=\u0026btp=0.01 HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://lefados.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lefados.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 202 Accepted\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Oba2k7BvndS0tDa7KsE2RR9WMXNGB6U%2F8fUHKrJRK%2F62TTqlFqfXwWcn%2BwquGWvtuwBRDUhr0VySY7%2Fj7EEbaSzFRQIpZEB2RXThRM94K%2B0mZls%3D\"}]}\r\ncf-ray: 9b0f37553a92783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":128,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"21c7379d053e172c3743ee9d2242cfad","sha1":"5fade556978456e57775a8be72573e9b19183ccf","sha256":"c1c7af7c590e28f1ecc73d8a997169aa69c34d77a1bfbc8a19f3dc90eb915e69","sha512":"7298a2631d0d66fc7d437969262c0850810fbb6db6a9b35b0f624776bb779ad11bf6da8af21d58fe07e353015c746af7acb3949340b688133d375891c313e5cf","ssdeep":"","tlshash":"4bb09b3269d86e417833d7e169e1550200c515db14f4119650e52468e558355141d85c","first_seen":"2025-12-20T12:42:13.632384Z","last_seen":"2025-12-20T12:42:13.632384Z","times_seen":1,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":18,"dns":1,"connect":1,"send":0,"wait":156,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/suurl5.php?r=10464206\u0026cbur=0.3358869731694487\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=lefados%20porn%20-%20no%20no%20no\u0026cbpage=https%3A%2F%2Flefados.xyz%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1766234509945\u0026srs=f20b4843c1662648f879ee22d9684904\u0026atv=74.0\u0026btp=0.01\u0026pblcz=10445558","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:49.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 23:08:46 GMT","end":"Sat, 07 Mar 2026 00:07:30 GMT"},"fingerprint":{"sha1":"D5:B9:71:11:A1:C5:BD:EA:60:68:49:87:01:4B:0B:CB:81:8B:FA:6C","sha256":"66:19:A7:E1:FD:B7:41:C7:AE:CB:33:20:81:70:04:52:48:C8:D0:0E:66:96:B3:F7:FE:B5:FC:10:FE:48:0A:44"}}},"request":{"raw":"GET /script/suurl5.php?r=10464206\u0026cbur=0.3358869731694487\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=lefados%20porn%20-%20no%20no%20no\u0026cbpage=https%3A%2F%2Flefados.xyz%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1766234509945\u0026srs=f20b4843c1662648f879ee22d9684904\u0026atv=74.0\u0026btp=0.01\u0026pblcz=10445558 HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://lefados.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lefados.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 12:41:50 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gt%2BHJiP03zoSTWPwZbPRmlwH8boUSzCXIm8fSCFNXgg8W9fn0pBtipiwJmYctRFtk7zetFhOZR052or1h8ItgzPDq8NMBDZlidR0J4yLtnY%2FtdM%3D\"}]}\r\ncf-ray: 9b0f37574ee9783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":987,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ce28a466a28f4af94d381c31ae71e313","sha1":"8356533299363cbe344cea72765041f1144f5c7e","sha256":"4c182ad21b16e6e0818bc25511f87739f88554cd521a0ca0b0890b609c06609f","sha512":"0f832ac5b4de11b9ad91710f907b7fe7d27d68292f58797701a616ae6e000f2b200b343b8cc6d6e50f7fcb66c38961f52f4091a64b3b8c3ed9e1e74a340dc558","ssdeep":"","tlshash":"f21165437e58667ac5acb8c1eafe943928003046e810fc41b71abc314bd999c597be52","first_seen":"2025-12-20T12:42:13.633428Z","last_seen":"2025-12-20T12:42:13.633428Z","times_seen":1,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":12,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lefados.xyz/","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T12:41:48.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lefados.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:01:27 GMT","end":"Tue, 10 Mar 2026 05:01:26 GMT"},"fingerprint":{"sha1":"38:48:44:DC:D3:F2:43:F3:57:AC:D2:CD:B9:9D:E7:81:30:EA:71:1A","sha256":"17:06:46:93:46:9C:85:3F:4B:58:E3:15:AD:8C:49:85:07:24:19:E3:13:09:6F:BD:04:C7:1A:3B:A3:95:3E:FA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: lefados.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 12:41:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 4141\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25810,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"81ddf8fdf0b84d402e48793d46245ba5","sha1":"485c0e8a7c1b983440418192b9dc040970bb1615","sha256":"f2b261a8c429aad63221081278f2facaa1fd1f822ef1389a4a31e25ea222dc83","sha512":"e36ce23250d0a8da228303415bec7caa6b6365b9ed4c43b898f3bb63bd744697b359b611508ace8d818aba1748ae137e47b5ba520f45ca761b5af5b27f9494fe","ssdeep":"768:djFjFJXFVMF4FqOa6XC/pH0LNA6E+0CKmSK1euCMHtRdMbqpTJv2g:lxnXoekOa3AaX6rR5","tlshash":"97c2054395f304155197f2c4ba31177bbd56ae43e027893cb9ac5bd8cfb3e864883a89","first_seen":"2025-12-20T12:42:13.634489Z","last_seen":"2025-12-20T12:42:13.634489Z","times_seen":1,"resource_available":false,"data":null}},"time_used":754,"timings":{"blocked":299,"dns":1,"connect":144,"send":0,"wait":154,"receive":1,"ssl":152},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lefados.xyz/rect.js","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:48.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lefados.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:01:27 GMT","end":"Tue, 10 Mar 2026 05:01:26 GMT"},"fingerprint":{"sha1":"38:48:44:DC:D3:F2:43:F3:57:AC:D2:CD:B9:9D:E7:81:30:EA:71:1A","sha256":"17:06:46:93:46:9C:85:3F:4B:58:E3:15:AD:8C:49:85:07:24:19:E3:13:09:6F:BD:04:C7:1A:3B:A3:95:3E:FA"}}},"request":{"raw":"GET /rect.js HTTP/1.1\r\nHost: lefados.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lefados.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 766\r\nlast-modified: Sat, 06 Dec 2025 10:15:35 GMT\r\netag: \"69340247-2fe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":766,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (365)","md5":"b9acbcf5e6e19699246d62e25fe9d4dd","sha1":"59d4d99d0509fe22a2ba9da7bbde3b09ee1797d7","sha256":"f6f6fd3844a62bd23e714095b96d6a5a9ce75722c25f2ee103264ef40dbf2352","sha512":"674e7ff38453b3583147dbecbce7c5393373463061895f5dfcb6011cab41c3c5bd07da40498c75e10a23294816aa6c5610f4ec5e2c113856597b75f5833a3919","ssdeep":"","tlshash":"2e019c9e24e11c788e6331bc8eff713c5036298754574a12751d4d862fb130ec689d48","first_seen":"2025-12-20T12:40:21.524387Z","last_seen":"2025-12-20T12:42:13.635572Z","times_seen":2,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn5-thumbs.motherlessmedia.com/thumbs/FE71227.jpg","fqdn":"cdn5-thumbs.motherlessmedia.com","domain":"motherlessmedia.com","tld":"com"},"ip":{"addr":"185.107.92.224","port":443,"asn":43350,"as":"NForce Entertainment B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:48.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.motherlessmedia.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV SSL CA 2","organization":"GoGetSSL"},"validity":{"start":"Mon, 03 Nov 2025 00:00:00 GMT","end":"Tue, 22 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1C:9C:A7:64:1D:50:C4:66:FC:B5:AE:9C:CB:DF:AC:1E:1F:4B:A0:83","sha256":"FD:6F:CF:79:47:AA:EF:54:72:2A:60:E2:1B:57:6B:D6:33:60:E2:67:DA:83:68:95:02:34:5B:66:53:45:A1:0E"}}},"request":{"raw":"GET /thumbs/FE71227.jpg HTTP/1.1\r\nHost: cdn5-thumbs.motherlessmedia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lefados.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: openresty/1.21.4.1\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 6881\r\nvary: x-s-token\r\nlast-modified: Thu, 01 Jul 2021 11:03:43 GMT\r\netag: \"1ae1-5c60dcad0c0d2\"\r\nx-cache: HIT\r\nx-whom: cdn07\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":6881,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 180x240, components 3","md5":"5d105eab9cc59f338d4719fb244d0118","sha1":"5fc3b03f216f36418bcd5834452a41b3effdf5d2","sha256":"761ad0bcaf9dd32d7ffca05fbe189fecfbaf0cceaa92bfdb4048355bc8579abf","sha512":"527ceb0b1d1886cd1566b3540aeb89c2b7055a0b6d41083f6c93cdc563123a4268794e25ba248b8eb566b83626f3adced717a85da6d20c0d3cb18d4adf2fc682","ssdeep":"192:1JnCcRJZZWaE6+knxqhXe0zabSLz7zcyOm:1JNZlx+knE40zv7Wm","tlshash":"a4e1afa3b9d85f9dcd22cabb803a263073446d2cdcb1773eaf87d70705681d5b449a00","first_seen":"2024-10-06T09:19:28.178685Z","last_seen":"2026-01-28T02:11:33.388412Z","times_seen":8,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":117,"dns":1,"connect":22,"send":0,"wait":20,"receive":0,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/inpagepush.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:49.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/inpagepush.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lefados.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxOMsAVwX__SfpwEeJLck19L1RJA_dK1emsk-6o3jkEXKCyKpfwZgDJnVzz-Z4v07vDntsEqgA0\r\nx-goog-generation: 1765975984005115\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 41812\r\nx-goog-hash: crc32c=Pu1qMQ==, md5=5/DbJusFVQKjxxf6Ivr1Ng==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: cloudflare\r\nexpires: Sat, 20 Dec 2025 13:41:49 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:53:04 GMT\r\nvary: accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\nage: 1772\r\ncf-cache-status: HIT\r\netag: W/\"e7f0db26eb055502a3c717fa22faf536\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b0f37528f765687-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41812,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (41811)","md5":"e7f0db26eb055502a3c717fa22faf536","sha1":"b965b83fc70e9098f6220f3896069100044e8b08","sha256":"d292485d1173d3ff605da3b3bec11c71156112a984eb891cceaebe215fa2f541","sha512":"fe6d5d4b0fa356ff2dd7b9a4c08163b25eb644abddc7cffe09e7a5112462b471a903f92e4aeaa920a6f0ce98b2bf54326cef6edb1e188e144e79107108961ca0","ssdeep":"768:a+bOIVSpFggvVZm5B1kp7yu1MOWCiXY26l708UzUSU7w0GRakGqq2UFAoZ3NMpBf:rOIVSp1GawV8kXHUFAoZ3NMpBinKHfVn","tlshash":"5b136f453e40c6573309cabfb533b8d4e3c60a6ab425169bab04bc8465c1a77faf6473","first_seen":"2025-12-17T19:33:45.31756Z","last_seen":"2026-01-13T12:29:41.97411Z","times_seen":97,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lefados.xyz/favicon.ico","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:49.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lefados.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:01:27 GMT","end":"Tue, 10 Mar 2026 05:01:26 GMT"},"fingerprint":{"sha1":"38:48:44:DC:D3:F2:43:F3:57:AC:D2:CD:B9:9D:E7:81:30:EA:71:1A","sha256":"17:06:46:93:46:9C:85:3F:4B:58:E3:15:AD:8C:49:85:07:24:19:E3:13:09:6F:BD:04:C7:1A:3B:A3:95:3E:FA"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: lefados.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lefados.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: d8051=bm9yZWZ8fHwxfDB8MHxub25lfDA6; d8051b=1766234508\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 22 Jul 2025 04:31:22 GMT\r\netag: W/\"b52-63a7d1083953d\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2898,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (634)","md5":"f01ba522c3539135df33250082846848","sha1":"af31de06cf3d07cf83f104af8755b0cc5222ffc6","sha256":"2e8deb28946a6b41ccb927eaa43bbaa78ea82cef39a40638f2e5afa8e90e73ca","sha512":"5ca1b1d3c6f8e1948574a743bd6f58d9f430f9a576c9e656958dda81546a6b0baf0c02ff1b084640351a2bc44ba644e0f671aef0e2ff30981feec2af47764ee6","ssdeep":"","tlshash":"08515194c71c649fd35e24e6293e22c0282f8cb669a3ce7bbc77b174d6c800c87395a5","first_seen":"2025-04-07T04:58:47.339843Z","last_seen":"2026-04-04T01:52:25.0368Z","times_seen":5578,"resource_available":true,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usrpubtrk.com/ut/hb.php?cb=0.3836345600238046\u0026v=1","fqdn":"usrpubtrk.com","domain":"usrpubtrk.com","tld":"com"},"ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:49.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usrpubtrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 12:57:52 GMT","end":"Tue, 10 Mar 2026 13:56:16 GMT"},"fingerprint":{"sha1":"77:2A:71:0C:1C:F9:2B:14:04:DB:13:5F:A6:57:67:6D:B3:A9:A0:95","sha256":"E0:53:FF:DF:EC:31:75:79:08:DF:B9:B1:56:18:5A:48:15:62:EF:8B:BB:4C:1B:05:1C:E8:DD:3F:0C:A4:80:41"}}},"request":{"raw":"POST /ut/hb.php?cb=0.3836345600238046\u0026v=1 HTTP/1.1\r\nHost: usrpubtrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 1430\r\nOrigin: https://lefados.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lefados.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1430,"data":"{\"clientHints\":{},\"isScrollable\":1,\"totalClicks\":0,\"sessionLength\":1,\"ippMissclicks\":0,\"visible\":1,\"caught\":0,\"lastevent\":0,\"isFullscreen\":0,\"isTabFocused\":1,\"eventImps\":0,\"retryCounts\":0,\"isScrolled\":1,\"isMouseMoved\":0,\"pagePercentageSeen\":30,\"belowTheFoldSeen\":0,\"touchEnd\":0,\"touchMove\":0,\"clicksByType\":{\"idle\":0,\"input\":0,\"video\":0,\"button\":0,\"link\":0,\"img\":0},\"browsingTopics\":[],\"ufp\":\"Win32/Mozilla/Netscape/true/false/1280x10240en-USunknown4824 bits\",\"sessionStartTime\":1766234509,\"sessionId\":\"f20b4843c1662648f879ee22d9684904\",\"timeZoneOffset\":0,\"zones\":[\"10445558\"],\"pUrl\":\"https%3A%2F%2Flefados.xyz%2F\",\"pReferrer\":\"\",\"pTitle\":\"lefados%20porn%20-%20no%20no%20no\",\"pDescription\":\"\",\"pKeywords\":\"\",\"pHasIframes\":0,\"pWidth\":1280,\"pHeight\":3511,\"vWidth\":1280,\"vHeight\":1024,\"inIframe\":0,\"bsd\":\"eyJwcm9iYWJpbGl0eSI6MC4wMSwicGVyU2lnbmFsIjp7ImlzV2ViRHJpdmVyUHJlc2VudCI6MCwiaXNDRFBEZXRlY3RlZCI6MCwiYXV0b21hdGVkQnJvd3Nlckdsb2JhbHMiOjAsImlzV2luZG93Q0RDIjowLCJkb2VzVUFDb250YWluSGVhZGxlc3NLZXl3b3JkIjowLCJpc0ZpcmVmb3hNaXNtYXRjaCI6MCwiaW5jb25zaXN0ZW5jaWVzIjowLCJpc0Nocm9tZUZvclRlc3RpbmciOjAsImRldGVjdENTU0Fub21hbGllcyI6MCwiaXNIZWFkbGVzc1Blcm1pc3Npb25NYXRjaGVkIjowLCJkZXRlY3RMb2NhbFN0b3JhZ2UiOjAsIm5vUGx1Z2luc1ByZXNlbnQiOjAsIm1pc3NpbmdXZWJSVEMiOjAsIm1pc3NpbmdBdWRpb1ZpZGVvIjowLCJtaXNzaW5nQ2FudmFzIjowLCJtb3VzZU1vdmVTY29yZSI6MCwiY2VudGVyZWRDbGlja1BlcmNlbnRhZ2UiOjAsInNjcm9sbFN1c3BpY2lvdXNTY29yZSI6MH19\",\"sentTimestamp\":1766234509575}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DlDgjfQqVd7NzYh2PipKaV1KVwofOekhSzxg4hppcHG0x4qMOwurPCTryu0UUK590LFgbFVsZ0Bwacvr1a4ksrzOd1HaiSwJ%2FXIawPc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b0f37553a223181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":180,"timings":{"blocked":15,"dns":1,"connect":3,"send":0,"wait":146,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:49.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/suv5.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lefados.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxNjhSDeDCfYo-S78XpemEZnhLs0YZyYX5_rJheSp9k4DAZ7joWf_yJ-Klid8bb4F0I2tvNB6HM\r\nx-goog-generation: 1765976148566843\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 56337\r\nx-goog-hash: crc32c=C6SdHA==, md5=mj1apJ684TpjmecDoRbsmw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\nexpires: Sat, 20 Dec 2025 13:41:49 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:55:48 GMT\r\nvary: accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\nage: 411\r\ncf-cache-status: HIT\r\netag: W/\"9a3d5aa49ebce13a6399e703a116ec9b\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b0f37568a365687-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":56337,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (56336)","md5":"9a3d5aa49ebce13a6399e703a116ec9b","sha1":"a52991635eddd4f54da92d657a36af619b88ef47","sha256":"8924f212e1f3553244a9eb9e01a0cf05c585ea75ecf60002b0785b69553d0fcd","sha512":"ff21d8769d8397a2998058840da6e4e78672c7e489443077ef1341f0d50a1a9799e31d98ab2b763f3400d43da6d7fcaacfec56ea675639b1df375c92f6ed6953","ssdeep":"768:7Oa8VJZShPhDL2i1Ox0O2o1wFfLen1xje/EO6BEAi7y1qIV7qp258aeraeq0CmvK:aa89aDfO6lenZ0CmgPTueNWjk","tlshash":"d64385553e80461733098ebb3a13f8e6e858387a6489459ef608bd487287177f6fc772","first_seen":"2025-12-17T14:33:37.346036Z","last_seen":"2026-01-13T14:12:13.861788Z","times_seen":342,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lefados.xyz/rums.js","fqdn":"lefados.xyz","domain":"lefados.xyz","tld":"xyz"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:48.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lefados.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:01:27 GMT","end":"Tue, 10 Mar 2026 05:01:26 GMT"},"fingerprint":{"sha1":"38:48:44:DC:D3:F2:43:F3:57:AC:D2:CD:B9:9D:E7:81:30:EA:71:1A","sha256":"17:06:46:93:46:9C:85:3F:4B:58:E3:15:AD:8C:49:85:07:24:19:E3:13:09:6F:BD:04:C7:1A:3B:A3:95:3E:FA"}}},"request":{"raw":"GET /rums.js HTTP/1.1\r\nHost: lefados.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lefados.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2674\r\nlast-modified: Tue, 21 Oct 2025 09:54:48 GMT\r\netag: \"68f75868-a72\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2674,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (559)","md5":"8152432c915271c18e13c9c8e421348f","sha1":"0d602ed659308bca7c3b70867848dc8a2bc097f9","sha256":"91639b0366a8e73ce52bf08854906bff55ee58a6855257fa6bce393ad58f09b3","sha512":"f0940f9af4b15564f638079358d81e1114e6a897cf15308a255b98d8e59223b902e014989f355f6dfe5f95fcffd2c0576fe596c8a004adf6ff032670b6eb525e","ssdeep":"","tlshash":"ba51522564a5502f6237135aaf7ecb9db6327c01714bac39c22d52f13490c53db4ecba","first_seen":"2025-10-25T19:34:56.329143Z","last_seen":"2026-01-03T12:00:08.420639Z","times_seen":9,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lefados.xyz/","date":"2025-12-20T12:41:48.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/aclib.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lefados.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 12:41:49 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxN2iBpb-t5ZfS7VArRJLFCT_VqFVa-k_zQ-uVo_DGLQ5Kg_G4ZI5UED5xfr9wCf76B8\r\nx-goog-generation: 1765975833874839\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 171200\r\nx-goog-hash: crc32c=Y6PsGw==, md5=SCUDcDR8fy0FQyHgPI45Tw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: cloudflare\r\nexpires: Sat, 20 Dec 2025 13:41:49 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:50:33 GMT\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\nage: 1790\r\ncf-cache-status: HIT\r\netag: W/\"48250370347c7f2d054321e03c8e394f\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b0f375148e7712b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":171200,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"48250370347c7f2d054321e03c8e394f","sha1":"dce1356dc4ee7b2b650fc3b2fa5c75e2de60c840","sha256":"e3fd6b9ca5d9b8d65c6330aa94f08f24cd2b59e1834cd7c960ea6ea3417acf52","sha512":"37527c5fc8159f26120d652f8477a70703eb6fb1f30126ceb66f9a58e05ddc365a1cb34b82b5bdcb24b694036bfe2a7c3052a50d883b956cccf2e167a7188ae7","ssdeep":"3072:ZcmbG7ee6cW7n8GrMN1HDxlfm1VeDbclbsZpyQ:y/FW78GrufmyclbsZpyQ","tlshash":"f4f395083a9455037b4b6fbb271774e5e9062c4ab894099eb254bc74e2836b3fff1136","first_seen":"2025-12-17T14:33:37.34138Z","last_seen":"2026-01-13T14:12:13.867658Z","times_seen":466,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":17,"dns":1,"connect":2,"send":0,"wait":20,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}