{"report_id":"1d90c7d4-7019-46bb-b476-5aa5f6ee999a","version":6,"status":"done","tags":[],"date":"2026-01-02T07:03:59Z","url":{"schema":"http","addr":"xxxwtf.com/","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":0,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"xxxwtf.com/","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"title":"XXX WTF - free porn galleries","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xxxwtf.com/","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":0,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-06T07:03:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":11}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-02","alert":"Content Category / Application Block","trigger":"xxxwtf.com","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"inadsexchange.com","ip":{"addr":"104.21.7.132","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-07-03","domain_rank":205547,"first_seen":"2025-07-30T12:37:41.182716Z","last_seen":"2026-01-01T12:28:35.850576Z","alert_count":0,"request_count":1,"received_data":530,"sent_data":1213,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"acscdn.com","ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-05-05","domain_rank":18769,"first_seen":"2020-05-06T08:07:13Z","last_seen":"2025-12-31T07:12:02.732329Z","alert_count":3,"request_count":3,"received_data":272050,"sent_data":1231,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"adexchangeclear.com","ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-27","domain_rank":24943,"first_seen":"2025-07-16T08:40:02.47428Z","last_seen":"2025-12-30T12:40:20.855851Z","alert_count":2,"request_count":2,"received_data":4274,"sent_data":1552,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"usrpubtrk.com","ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-16","domain_rank":6824,"first_seen":"2025-06-17T13:34:00.105327Z","last_seen":"2026-01-01T07:24:01.334994Z","alert_count":5,"request_count":1,"received_data":532,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"xxxwtf.com","ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"domain_registered":"2022-10-23","domain_rank":1509011,"first_seen":"2022-11-18T09:00:04Z","last_seen":"2024-05-08T07:09:13Z","alert_count":28,"request_count":7,"received_data":605987,"sent_data":3062,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"48250370347c7f2d054321e03c8e394f","sha1":"dce1356dc4ee7b2b650fc3b2fa5c75e2de60c840","sha256":"e3fd6b9ca5d9b8d65c6330aa94f08f24cd2b59e1834cd7c960ea6ea3417acf52","sha512":"37527c5fc8159f26120d652f8477a70703eb6fb1f30126ceb66f9a58e05ddc365a1cb34b82b5bdcb24b694036bfe2a7c3052a50d883b956cccf2e167a7188ae7","ssdeep":"3072:ZcmbG7ee6cW7n8GrMN1HDxlfm1VeDbclbsZpyQ:y/FW78GrufmyclbsZpyQ","tlshash":"f4f395083a9455037b4b6fbb271774e5e9062c4ab894099eb254bc74e2836b3fff1136","size":171200,"data":"","first_seen":"2025-12-17T14:33:37.34138Z","last_seen":"2026-01-13T14:12:13.867658Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6c84956f4aa5d6847744a6ba2c43d96f","sha1":"c1214a3f64189b0972c50281a8e6d6ec94ce3c3d","sha256":"4e44f6855e84defb598ce0b690b66d558700646ec68300f645c50996d1d7357e","sha512":"02a2296c7c4c8b338c6c13e1f82e23bf255308857eaefcda1eac65e95b311300cebacbac34478ac03a26ee4402380c6b2d26a89983f404da5c81c337c8170cb4","ssdeep":"","tlshash":"7fa0243f0154441450d1140c047d4f1d00cc11070c403dd5374c411d0f0c0cf073140c","size":82,"data":"","first_seen":"2025-10-16T23:21:33.540096Z","last_seen":"2026-01-02T07:04:01.56738Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/inpagepush.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e7f0db26eb055502a3c717fa22faf536","sha1":"b965b83fc70e9098f6220f3896069100044e8b08","sha256":"d292485d1173d3ff605da3b3bec11c71156112a984eb891cceaebe215fa2f541","sha512":"fe6d5d4b0fa356ff2dd7b9a4c08163b25eb644abddc7cffe09e7a5112462b471a903f92e4aeaa920a6f0ce98b2bf54326cef6edb1e188e144e79107108961ca0","ssdeep":"768:a+bOIVSpFggvVZm5B1kp7yu1MOWCiXY26l708UzUSU7w0GRakGqq2UFAoZ3NMpBf:rOIVSp1GawV8kXHUFAoZ3NMpBinKHfVn","tlshash":"5b136f453e40c6573309cabfb533b8d4e3c60a6ab425169bab04bc8465c1a77faf6473","size":41812,"data":"","first_seen":"2025-12-17T19:33:45.31756Z","last_seen":"2026-01-13T12:29:41.97411Z","times_seen":97,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9a3d5aa49ebce13a6399e703a116ec9b","sha1":"a52991635eddd4f54da92d657a36af619b88ef47","sha256":"8924f212e1f3553244a9eb9e01a0cf05c585ea75ecf60002b0785b69553d0fcd","sha512":"ff21d8769d8397a2998058840da6e4e78672c7e489443077ef1341f0d50a1a9799e31d98ab2b763f3400d43da6d7fcaacfec56ea675639b1df375c92f6ed6953","ssdeep":"768:7Oa8VJZShPhDL2i1Ox0O2o1wFfLen1xje/EO6BEAi7y1qIV7qp258aeraeq0CmvK:aa89aDfO6lenZ0CmgPTueNWjk","tlshash":"d64385553e80461733098ebb3a13f8e6e858387a6489459ef608bd487287177f6fc772","size":56337,"data":"","first_seen":"2025-12-17T14:33:37.346036Z","last_seen":"2026-01-13T14:12:13.861788Z","times_seen":342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/rect.js","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"48fd3ca96d330d801e77cc3db483ea39","sha1":"a0c3394de77b662ceb1b7ea549cdf2a82aca0147","sha256":"0adaa6ef7f5c881dfb3f6b072664d8c79e0ccc2ceae1aaa727e265b476fe1ca6","sha512":"260f5419fae4d259eff36575f3e8018808d6ee61473df9655dbe0e5a8542f0945432024ac0b397e8e355dd106fb7b55a425a16dd718b3fa8349554c452955ad3","ssdeep":"","tlshash":"270197ae64e228788e6331bc4fff613c5036258764478a23792d5d862fb531ec689d88","size":769,"data":"","first_seen":"2026-01-02T07:04:01.561436Z","last_seen":"2026-01-02T07:04:01.561436Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/rums.js","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8152432c915271c18e13c9c8e421348f","sha1":"0d602ed659308bca7c3b70867848dc8a2bc097f9","sha256":"91639b0366a8e73ce52bf08854906bff55ee58a6855257fa6bce393ad58f09b3","sha512":"f0940f9af4b15564f638079358d81e1114e6a897cf15308a255b98d8e59223b902e014989f355f6dfe5f95fcffd2c0576fe596c8a004adf6ff032670b6eb525e","ssdeep":"","tlshash":"ba51522564a5502f6237135aaf7ecb9db6327c01714bac39c22d52f13490c53db4ecba","size":2674,"data":"","first_seen":"2025-10-25T19:34:56.329143Z","last_seen":"2026-01-03T12:00:08.420639Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"41401126ba6247b1e3de4d1c7b75dc85","sha1":"7a4795c44c6daeb3dd549344cdd3406aa19b56f0","sha256":"a2dd7f85480a45a2c1e48e2b35109162672b6d492c76ab8a3203211357d55a5f","sha512":"cca7d51d2d1fb7ad51e5997b284927a871d59cd6c8d15ecdde1aa32fcda229c60608f8fcc9f32c0b0c078908f8995ea5ec9c2bf0c61fbc2abbabf1d22e9ce11e","ssdeep":"","tlshash":"00d02284a220807c30321202bd422ad32920b0e01856104c820e10e42bc50ca5300ef1","size":199,"data":"","first_seen":"2026-01-02T07:04:01.569299Z","last_seen":"2026-01-02T07:04:01.569299Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"xxxwtf.com/","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-02T07:03:36.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxwtf.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:04:59 GMT","end":"Tue, 10 Mar 2026 05:04:58 GMT"},"fingerprint":{"sha1":"15:F2:42:0F:30:9E:2F:2D:01:B1:E4:69:37:F2:78:FE:91:DE:23:6A","sha256":"8F:F7:EB:AC:B2:59:0E:0E:E6:4C:FF:C5:B8:1A:A1:42:0E:1A:2C:10:E4:AE:BB:4A:D7:23:F1:6F:16:BC:20:2A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xxxwtf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 02 Jan 2026 07:03:37 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 2722\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11236,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"88aba385dadc6e1b0c15744a4cf18346","sha1":"a7ce5db65a3a5908c848f7e50ce676fca53cd54d","sha256":"e760c77ef055843e1abe47c38e1fa8b59c6524c2e6ec160b583b92f298ea0be5","sha512":"eb5751120e65f4e19e3eda1278abeb7934fdb882fdd091e05e8dbe3c3a43e9fdd58f53b42a22e52d6884eaf50b09dc1972dc10567ce708ded5d90473b56317ef","ssdeep":"96:xj6evbJOI63DuYO7wFIiYL2f2TsESpGtW1rvWqB66BVX9FkZXzEe7c29lMJ:Rt6TOkFjYDGGtW1bW8HDbPe/W","tlshash":"d7327902b4f9744632213b895e503f3b9de2597353169865306f2cffef4aaea4817287","first_seen":"2026-01-02T07:04:01.545647Z","last_seen":"2026-01-02T07:04:01.545647Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1039,"timings":{"blocked":442,"dns":141,"connect":145,"send":0,"wait":155,"receive":0,"ssl":153},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-02","alert":"Content Category / Application Block","trigger":"xxxwtf.com","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"inadsexchange.com/script/i.php?t=1\u0026c=23986350\u0026stamat=m%257C%252C%252CAjf79jYToGU3B0-GH0dEdHP3xP.5fd%252Cw53sCAU_NEVCXj0oM4bnSV_W8CaIAixzInYswT8RSIHVcDqEmg_UZdFSPFZjlV-d_KYWkW-Q9N-uSMlsHddWjxJYjQGIoUAJ7oYPaQzKS3c_7QNoqVidDktkOmsCBs7xGm3iUwGLphd0ilCw1X9mfuDPSXSErehVcZAO5l6UKnrnTYzLsaRAJmwLrSBQgVhQyzC2C5cV8GUQ2cpzo2OCeP-ZFu9f26oHaDMzVMnVuorqHg8pQ8I-Z41XGEExFRKGz5_IrMVI-p9YsZ2ZngIlM08GjOVnMsQop9VVIRBWG7UuBmHPxPvYlmQTLCF1CWaLK5smSDbD-1C8erd9pWpBsoDcin8sFXwN3L7R1mnICPQq7LqpVrYUd-g7zAPhOuBAuiPVT54Hzi4gybyhf8v7Z4gRi15Q0HD68dEg8FHPGsZjKx5gbEgBk_UoxUg1ZaMhVaDPfLLkRg_U0LSfCQoE33imCDOvj3dMdSKyRIUq3NiDoHe_s7M_BHGeVxJNvJNXCJWIygRDG2y0IKaYY5bfC-OSpo7t4KV7HYJ7MKbJsFDWsGGXJ053DRzis5uZCE95VkdQ2HsOElIjqeAQsYogHyTZ_r60-X9JXHM4Vcrlt_Y%252C\u0026utsid=f96a4f80644d154f448bd5ae36088af3\u0026cbpage=https%3A%2F%2Fxxxwtf.com%2F\u0026cbref=","fqdn":"inadsexchange.com","domain":"inadsexchange.com","tld":"com"},"ip":{"addr":"104.21.7.132","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:38.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inadsexchange.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 07:51:57 GMT","end":"Fri, 06 Mar 2026 08:49:26 GMT"},"fingerprint":{"sha1":"8B:35:15:F4:0A:A6:B2:F7:75:B5:02:95:6D:60:99:47:B7:80:81:74","sha256":"A4:DE:09:1C:55:56:A2:44:6F:FB:21:4A:BA:C2:BB:5F:11:54:8D:42:5F:59:01:EC:B5:FF:33:41:1C:0A:40:C4"}}},"request":{"raw":"GET /script/i.php?t=1\u0026c=23986350\u0026stamat=m%257C%252C%252CAjf79jYToGU3B0-GH0dEdHP3xP.5fd%252Cw53sCAU_NEVCXj0oM4bnSV_W8CaIAixzInYswT8RSIHVcDqEmg_UZdFSPFZjlV-d_KYWkW-Q9N-uSMlsHddWjxJYjQGIoUAJ7oYPaQzKS3c_7QNoqVidDktkOmsCBs7xGm3iUwGLphd0ilCw1X9mfuDPSXSErehVcZAO5l6UKnrnTYzLsaRAJmwLrSBQgVhQyzC2C5cV8GUQ2cpzo2OCeP-ZFu9f26oHaDMzVMnVuorqHg8pQ8I-Z41XGEExFRKGz5_IrMVI-p9YsZ2ZngIlM08GjOVnMsQop9VVIRBWG7UuBmHPxPvYlmQTLCF1CWaLK5smSDbD-1C8erd9pWpBsoDcin8sFXwN3L7R1mnICPQq7LqpVrYUd-g7zAPhOuBAuiPVT54Hzi4gybyhf8v7Z4gRi15Q0HD68dEg8FHPGsZjKx5gbEgBk_UoxUg1ZaMhVaDPfLLkRg_U0LSfCQoE33imCDOvj3dMdSKyRIUq3NiDoHe_s7M_BHGeVxJNvJNXCJWIygRDG2y0IKaYY5bfC-OSpo7t4KV7HYJ7MKbJsFDWsGGXJ053DRzis5uZCE95VkdQ2HsOElIjqeAQsYogHyTZ_r60-X9JXHM4Vcrlt_Y%252C\u0026utsid=f96a4f80644d154f448bd5ae36088af3\u0026cbpage=https%3A%2F%2Fxxxwtf.com%2F\u0026cbref= HTTP/1.1\r\nHost: inadsexchange.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxwtf.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Fri, 02 Jan 2026 07:03:38 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s%2FMIn02sZN08sLAFJoyYxouW4Km9CCTX4CziUqRJugsAFRJlDWHGZYiFVuT0mN0dNC0Mwv7oDNySveXgj1t6X1GJjLRlEEdwtErsTQwQQvHJ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7865d06fe11525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":40,"dns":7,"connect":13,"send":0,"wait":153,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/favicon.ico","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:38.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxwtf.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:04:59 GMT","end":"Tue, 10 Mar 2026 05:04:58 GMT"},"fingerprint":{"sha1":"15:F2:42:0F:30:9E:2F:2D:01:B1:E4:69:37:F2:78:FE:91:DE:23:6A","sha256":"8F:F7:EB:AC:B2:59:0E:0E:E6:4C:FF:C5:B8:1A:A1:42:0E:1A:2C:10:E4:AE:BB:4A:D7:23:F1:6F:16:BC:20:2A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xxxwtf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxwtf.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 8b54c=bm9yZWZ8fHwxfDB8MHxub25lfDA6; 8b54cb=1767337417\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Fri, 02 Jan 2026 07:03:38 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 22 Jul 2025 04:31:25 GMT\r\netag: W/\"b52-63a7d10b34f7b\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2898,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (634)","md5":"f01ba522c3539135df33250082846848","sha1":"af31de06cf3d07cf83f104af8755b0cc5222ffc6","sha256":"2e8deb28946a6b41ccb927eaa43bbaa78ea82cef39a40638f2e5afa8e90e73ca","sha512":"5ca1b1d3c6f8e1948574a743bd6f58d9f430f9a576c9e656958dda81546a6b0baf0c02ff1b084640351a2bc44ba644e0f671aef0e2ff30981feec2af47764ee6","ssdeep":"","tlshash":"08515194c71c649fd35e24e6293e22c0282f8cb669a3ce7bbc77b174d6c800c87395a5","first_seen":"2025-04-07T04:58:47.339843Z","last_seen":"2026-04-04T01:52:25.0368Z","times_seen":5578,"resource_available":true,"data":null}},"time_used":150,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":150,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-02","alert":"Content Category / Application Block","trigger":"xxxwtf.com","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/rums.js","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:37.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxwtf.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:04:59 GMT","end":"Tue, 10 Mar 2026 05:04:58 GMT"},"fingerprint":{"sha1":"15:F2:42:0F:30:9E:2F:2D:01:B1:E4:69:37:F2:78:FE:91:DE:23:6A","sha256":"8F:F7:EB:AC:B2:59:0E:0E:E6:4C:FF:C5:B8:1A:A1:42:0E:1A:2C:10:E4:AE:BB:4A:D7:23:F1:6F:16:BC:20:2A"}}},"request":{"raw":"GET /rums.js HTTP/1.1\r\nHost: xxxwtf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxwtf.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 02 Jan 2026 07:03:37 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2674\r\nlast-modified: Tue, 21 Oct 2025 09:50:03 GMT\r\netag: \"68f7574b-a72\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2674,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (559)","md5":"8152432c915271c18e13c9c8e421348f","sha1":"0d602ed659308bca7c3b70867848dc8a2bc097f9","sha256":"91639b0366a8e73ce52bf08854906bff55ee58a6855257fa6bce393ad58f09b3","sha512":"f0940f9af4b15564f638079358d81e1114e6a897cf15308a255b98d8e59223b902e014989f355f6dfe5f95fcffd2c0576fe596c8a004adf6ff032670b6eb525e","ssdeep":"","tlshash":"ba51522564a5502f6237135aaf7ecb9db6327c01714bac39c22d52f13490c53db4ecba","first_seen":"2025-10-25T19:34:56.329143Z","last_seen":"2026-01-03T12:00:08.420639Z","times_seen":9,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-02","alert":"Content Category / Application Block","trigger":"xxxwtf.com","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:37.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/aclib.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxwtf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 02 Jan 2026 07:03:37 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxN2iBpb-t5ZfS7VArRJLFCT_VqFVa-k_zQ-uVo_DGLQ5Kg_G4ZI5UED5xfr9wCf76B8\r\nx-goog-generation: 1765975833874839\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 171200\r\nx-goog-hash: crc32c=Y6PsGw==, md5=SCUDcDR8fy0FQyHgPI45Tw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: cloudflare\r\nexpires: Fri, 02 Jan 2026 08:03:37 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:50:33 GMT\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\nage: 2221\r\ncf-cache-status: HIT\r\netag: W/\"48250370347c7f2d054321e03c8e394f\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b7865cbd9b456cb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":171200,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"48250370347c7f2d054321e03c8e394f","sha1":"dce1356dc4ee7b2b650fc3b2fa5c75e2de60c840","sha256":"e3fd6b9ca5d9b8d65c6330aa94f08f24cd2b59e1834cd7c960ea6ea3417acf52","sha512":"37527c5fc8159f26120d652f8477a70703eb6fb1f30126ceb66f9a58e05ddc365a1cb34b82b5bdcb24b694036bfe2a7c3052a50d883b956cccf2e167a7188ae7","ssdeep":"3072:ZcmbG7ee6cW7n8GrMN1HDxlfm1VeDbclbsZpyQ:y/FW78GrufmyclbsZpyQ","tlshash":"f4f395083a9455037b4b6fbb271774e5e9062c4ab894099eb254bc74e2836b3fff1136","first_seen":"2025-12-17T14:33:37.34138Z","last_seen":"2026-01-13T14:12:13.867658Z","times_seen":466,"resource_available":true,"data":null}},"time_used":66,"timings":{"blocked":19,"dns":5,"connect":1,"send":0,"wait":18,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/images/43.gif","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:37.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxwtf.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:04:59 GMT","end":"Tue, 10 Mar 2026 05:04:58 GMT"},"fingerprint":{"sha1":"15:F2:42:0F:30:9E:2F:2D:01:B1:E4:69:37:F2:78:FE:91:DE:23:6A","sha256":"8F:F7:EB:AC:B2:59:0E:0E:E6:4C:FF:C5:B8:1A:A1:42:0E:1A:2C:10:E4:AE:BB:4A:D7:23:F1:6F:16:BC:20:2A"}}},"request":{"raw":"GET /images/43.gif HTTP/1.1\r\nHost: xxxwtf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxwtf.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 02 Jan 2026 07:03:37 GMT\r\ncontent-type: image/gif\r\ncontent-length: 478638\r\nlast-modified: Tue, 22 Jul 2025 08:01:08 GMT\r\netag: \"687f4544-74dae\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":478638,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 380 x 214","md5":"c6a396aecea6a2bf2a0231d28bd6735d","sha1":"a9dfad1f75df5d7ac47f98b68b71b708c62733d9","sha256":"c9bcaa3adac4fffbd481fd4393d323c72a70f32cd315296b9b60eed21a95d179","sha512":"23fca0cd2f646945b68aeb4a33b84648d90d84e49fec95e01904f2d06f212bd81e59a9e858f6b76b91d7d6df1e372f1cadbdeb946e8f98161327a90db02db8a3","ssdeep":"12288:yPwPR8r+/0IkjH39XDGBMijrKqbdFyG+VvBPXFaTrMh/AmR:NzI9XD8jBbdg3r9aMhh","tlshash":"dba42302d08a1370ea4570ffa11add97c2267deef9f16831ad7c5b1534b5be888e42c9","first_seen":"2026-01-02T07:04:01.554693Z","last_seen":"2026-01-02T07:04:01.554693Z","times_seen":1,"resource_available":false,"data":null}},"time_used":747,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":601,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-02","alert":"Content Category / Application Block","trigger":"xxxwtf.com","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/images/aaa.jpg","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:37.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxwtf.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:04:59 GMT","end":"Tue, 10 Mar 2026 05:04:58 GMT"},"fingerprint":{"sha1":"15:F2:42:0F:30:9E:2F:2D:01:B1:E4:69:37:F2:78:FE:91:DE:23:6A","sha256":"8F:F7:EB:AC:B2:59:0E:0E:E6:4C:FF:C5:B8:1A:A1:42:0E:1A:2C:10:E4:AE:BB:4A:D7:23:F1:6F:16:BC:20:2A"}}},"request":{"raw":"GET /images/aaa.jpg HTTP/1.1\r\nHost: xxxwtf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxwtf.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 02 Jan 2026 07:03:37 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19225\r\nlast-modified: Wed, 08 Jan 2025 11:28:19 GMT\r\netag: \"677e6153-4b19\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19225,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3","md5":"054299f2c535feb22c25f42febeb8afc","sha1":"6f288e13d0a8fe493fdfbb5333cc26cf31b00d56","sha256":"4a71bbfe6a12b537fa978d5f323c03ba7890c8c665517d0a1600cdc64775d429","sha512":"8301fc1f9246c5944e4fac0935ff26cd14e987dfccbaeac821f88746ac8991bae673bb590f5c958313356f9afac1a41597cf2978eb3230f77116bf9f68915bcb","ssdeep":"384:q4nWAAaWhVeDvgaYDgQyezjSmfXZhjymE/xihyjYfMcW:fnWp1ezgIQ9Ssjym+wQ+M5","tlshash":"c882c00bb0e5a806abccaf7415cdc27a84d81916dc21e0cbe8cfee529451f823a045a3","first_seen":"2026-01-02T07:04:01.556854Z","last_seen":"2026-01-02T07:04:01.556854Z","times_seen":1,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":432,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-02","alert":"Content Category / Application Block","trigger":"xxxwtf.com","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/suurl5.php?r=10464206\u0026cbur=0.8341192690829857\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=XXX%20WTF%20-%20free%20porn%20galleries\u0026cbpage=https%3A%2F%2Fxxxwtf.com%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=very%20young%2C%20ultra%20young%2C%20young%20porn%2C%20young%20girls%2C%20\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1767337418318\u0026srs=f96a4f80644d154f448bd5ae36088af3\u0026atv=74.0\u0026btp=0.01\u0026pblcz=10445558","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:38.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 23:08:46 GMT","end":"Sat, 07 Mar 2026 00:07:30 GMT"},"fingerprint":{"sha1":"D5:B9:71:11:A1:C5:BD:EA:60:68:49:87:01:4B:0B:CB:81:8B:FA:6C","sha256":"66:19:A7:E1:FD:B7:41:C7:AE:CB:33:20:81:70:04:52:48:C8:D0:0E:66:96:B3:F7:FE:B5:FC:10:FE:48:0A:44"}}},"request":{"raw":"GET /script/suurl5.php?r=10464206\u0026cbur=0.8341192690829857\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=XXX%20WTF%20-%20free%20porn%20galleries\u0026cbpage=https%3A%2F%2Fxxxwtf.com%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=very%20young%2C%20ultra%20young%2C%20young%20porn%2C%20young%20girls%2C%20\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1767337418318\u0026srs=f96a4f80644d154f448bd5ae36088af3\u0026atv=74.0\u0026btp=0.01\u0026pblcz=10445558 HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxwtf.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxwtf.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 02 Jan 2026 07:03:38 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gkZ9APvkkAYjhRPvuRzjJA9t0YysQVuTbXh5MavBES4BLDoZruEo8Z6knB19YQENPlQrkffd0B0voww%2B3NMWWW0RrtfRup8oOz9Vz9zNSYBP\"}]}\r\ncf-ray: 9b7865d07951568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1006,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"701601b110564cac254e5533b1ee2930","sha1":"7649174bde241fe6085610787f485dcd1df397de","sha256":"ce4ac5640e07b07a2d44ba843a1f6544bb9eeeb1d892d9fb99ae6c4d501c8966","sha512":"3a72f35112ff238aeaaad3f876883ccee958d18ea16bccb6b142ef03992e9fd68fe631d449671d29fbad20af7c742939ee15b2afbe0db3875b59f3acd44e54e5","ssdeep":"","tlshash":"2111a8392d49601df6b4a0c907b2ca2e09a220e3ded55e60e2912cd9d32d4943e0b1a6","first_seen":"2026-01-02T07:04:01.558912Z","last_seen":"2026-01-02T07:04:01.558912Z","times_seen":1,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":193,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usrpubtrk.com/ut/hb.php?cb=0.5252542238736653\u0026v=1","fqdn":"usrpubtrk.com","domain":"usrpubtrk.com","tld":"com"},"ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:38.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usrpubtrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 12:57:52 GMT","end":"Tue, 10 Mar 2026 13:56:16 GMT"},"fingerprint":{"sha1":"77:2A:71:0C:1C:F9:2B:14:04:DB:13:5F:A6:57:67:6D:B3:A9:A0:95","sha256":"E0:53:FF:DF:EC:31:75:79:08:DF:B9:B1:56:18:5A:48:15:62:EF:8B:BB:4C:1B:05:1C:E8:DD:3F:0C:A4:80:41"}}},"request":{"raw":"POST /ut/hb.php?cb=0.5252542238736653\u0026v=1 HTTP/1.1\r\nHost: usrpubtrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 1509\r\nOrigin: https://xxxwtf.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxwtf.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1509,"data":"{\"clientHints\":{},\"isScrollable\":1,\"totalClicks\":0,\"sessionLength\":0,\"ippMissclicks\":0,\"visible\":1,\"caught\":0,\"lastevent\":0,\"isFullscreen\":0,\"isTabFocused\":1,\"eventImps\":0,\"retryCounts\":0,\"isScrolled\":1,\"isMouseMoved\":0,\"pagePercentageSeen\":83,\"belowTheFoldSeen\":0,\"touchEnd\":0,\"touchMove\":0,\"clicksByType\":{\"idle\":0,\"input\":0,\"video\":0,\"button\":0,\"link\":0,\"img\":0},\"browsingTopics\":[],\"ufp\":\"Win32/Mozilla/Netscape/true/false/1280x10240en-USunknown4824 bits\",\"sessionStartTime\":1767337418,\"sessionId\":\"f96a4f80644d154f448bd5ae36088af3\",\"timeZoneOffset\":0,\"zones\":[\"10445558\"],\"pUrl\":\"https%3A%2F%2Fxxxwtf.com%2F\",\"pReferrer\":\"\",\"pTitle\":\"XXX%20WTF%20-%20free%20porn%20galleries\",\"pDescription\":\"\",\"pKeywords\":\"very%20young%2C%20ultra%20young%2C%20young%20porn%2C%20young%20girls%2C%20\",\"pHasIframes\":0,\"pWidth\":1280,\"pHeight\":1515,\"vWidth\":1280,\"vHeight\":1024,\"inIframe\":0,\"bsd\":\"eyJwcm9iYWJpbGl0eSI6MC4wMSwicGVyU2lnbmFsIjp7ImlzV2ViRHJpdmVyUHJlc2VudCI6MCwiaXNDRFBEZXRlY3RlZCI6MCwiYXV0b21hdGVkQnJvd3Nlckdsb2JhbHMiOjAsImlzV2luZG93Q0RDIjowLCJkb2VzVUFDb250YWluSGVhZGxlc3NLZXl3b3JkIjowLCJpc0ZpcmVmb3hNaXNtYXRjaCI6MCwiaW5jb25zaXN0ZW5jaWVzIjowLCJpc0Nocm9tZUZvclRlc3RpbmciOjAsImRldGVjdENTU0Fub21hbGllcyI6MCwiaXNIZWFkbGVzc1Blcm1pc3Npb25NYXRjaGVkIjowLCJkZXRlY3RMb2NhbFN0b3JhZ2UiOjAsIm5vUGx1Z2luc1ByZXNlbnQiOjAsIm1pc3NpbmdXZWJSVEMiOjAsIm1pc3NpbmdBdWRpb1ZpZGVvIjowLCJtaXNzaW5nQ2FudmFzIjowLCJtb3VzZU1vdmVTY29yZSI6MCwiY2VudGVyZWRDbGlja1BlcmNlbnRhZ2UiOjAsInNjcm9sbFN1c3BpY2lvdXNTY29yZSI6MH19\",\"sentTimestamp\":1767337418003}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Fri, 02 Jan 2026 07:03:38 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jmubbpMV0lustdByMasO9pGRiw6uNWK4tSBCTSaf%2BQT8vTrZqvwR%2B9ezkQcwzCifz86tpDLEwBE8tDKHVfVb4qrpcj%2B3iTNDTdtDmUQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7865cedae3723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":22,"dns":4,"connect":1,"send":0,"wait":155,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:38.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/suv5.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxwtf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 07:03:38 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxNjhSDeDCfYo-S78XpemEZnhLs0YZyYX5_rJheSp9k4DAZ7joWf_yJ-Klid8bb4F0I2tvNB6HM\r\nx-goog-generation: 1765976148566843\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 56337\r\nx-goog-hash: crc32c=C6SdHA==, md5=mj1apJ684TpjmecDoRbsmw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\nexpires: Fri, 02 Jan 2026 08:03:38 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:55:48 GMT\r\nvary: accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\nage: 1295\r\ncf-cache-status: HIT\r\netag: W/\"9a3d5aa49ebce13a6399e703a116ec9b\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b7865d02d2ab4f7-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":56337,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (56336)","md5":"9a3d5aa49ebce13a6399e703a116ec9b","sha1":"a52991635eddd4f54da92d657a36af619b88ef47","sha256":"8924f212e1f3553244a9eb9e01a0cf05c585ea75ecf60002b0785b69553d0fcd","sha512":"ff21d8769d8397a2998058840da6e4e78672c7e489443077ef1341f0d50a1a9799e31d98ab2b763f3400d43da6d7fcaacfec56ea675639b1df375c92f6ed6953","ssdeep":"768:7Oa8VJZShPhDL2i1Ox0O2o1wFfLen1xje/EO6BEAi7y1qIV7qp258aeraeq0CmvK:aa89aDfO6lenZ0CmgPTueNWjk","tlshash":"d64385553e80461733098ebb3a13f8e6e858387a6489459ef608bd487287177f6fc772","first_seen":"2025-12-17T14:33:37.346036Z","last_seen":"2026-01-13T14:12:13.861788Z","times_seen":342,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/rect.js","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:37.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxwtf.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:04:59 GMT","end":"Tue, 10 Mar 2026 05:04:58 GMT"},"fingerprint":{"sha1":"15:F2:42:0F:30:9E:2F:2D:01:B1:E4:69:37:F2:78:FE:91:DE:23:6A","sha256":"8F:F7:EB:AC:B2:59:0E:0E:E6:4C:FF:C5:B8:1A:A1:42:0E:1A:2C:10:E4:AE:BB:4A:D7:23:F1:6F:16:BC:20:2A"}}},"request":{"raw":"GET /rect.js HTTP/1.1\r\nHost: xxxwtf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxwtf.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 02 Jan 2026 07:03:37 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 769\r\nlast-modified: Sat, 06 Dec 2025 10:19:15 GMT\r\netag: \"69340323-301\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":769,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (366)","md5":"48fd3ca96d330d801e77cc3db483ea39","sha1":"a0c3394de77b662ceb1b7ea549cdf2a82aca0147","sha256":"0adaa6ef7f5c881dfb3f6b072664d8c79e0ccc2ceae1aaa727e265b476fe1ca6","sha512":"260f5419fae4d259eff36575f3e8018808d6ee61473df9655dbe0e5a8542f0945432024ac0b397e8e355dd106fb7b55a425a16dd718b3fa8349554c452955ad3","ssdeep":"","tlshash":"270197ae64e228788e6331bc4fff613c5036258764478a23792d5d862fb531ec689d88","first_seen":"2026-01-02T07:04:01.561436Z","last_seen":"2026-01-02T07:04:01.561436Z","times_seen":1,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-02","alert":"Content Category / Application Block","trigger":"xxxwtf.com","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxwtf.com/images/ju2.png","fqdn":"xxxwtf.com","domain":"xxxwtf.com","tld":"com"},"ip":{"addr":"162.244.33.34","port":443,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:37.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxwtf.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 05:04:59 GMT","end":"Tue, 10 Mar 2026 05:04:58 GMT"},"fingerprint":{"sha1":"15:F2:42:0F:30:9E:2F:2D:01:B1:E4:69:37:F2:78:FE:91:DE:23:6A","sha256":"8F:F7:EB:AC:B2:59:0E:0E:E6:4C:FF:C5:B8:1A:A1:42:0E:1A:2C:10:E4:AE:BB:4A:D7:23:F1:6F:16:BC:20:2A"}}},"request":{"raw":"GET /images/ju2.png HTTP/1.1\r\nHost: xxxwtf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxwtf.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 02 Jan 2026 07:03:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 88526\r\nlast-modified: Sat, 13 Dec 2025 19:46:28 GMT\r\netag: \"693dc294-159ce\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88526,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 231 x 194, 8-bit/color RGBA, non-interlaced","md5":"d409754b2a319eb108336e90620f4636","sha1":"fb8f992f57227fb7d621330c2ad7d47cb02932d5","sha256":"59e297e84647cd752b339b3cd0591bb252a350e6c303b29b0457058ef3d3d152","sha512":"fd41cfdfa850ddf5e10f1be70071a753b3d3602482bea88ebd3ab67e82408bdec9a62eafe9ee8d076f76f7eb55975665e1fb41cf74704d29dda8f9a9984c48d3","ssdeep":"1536:hq5imXR7xOCrhOUN2QMxE3nhZQSCltJ/zfKvvK8dqx0nQqqJ6XPaEjfiU9hB9G9V:2bxNrhx2bERZ3A/uvytMqJ2P1fZdW","tlshash":"a68302b4af9cf23994bd45c35dd8b9274f227d020f684c6eb269e61b5280d3f9c47285","first_seen":"2026-01-02T07:04:01.563316Z","last_seen":"2026-01-02T07:04:01.563316Z","times_seen":1,"resource_available":false,"data":null}},"time_used":584,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":432,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-02","alert":"Content Category / Application Block","trigger":"xxxwtf.com","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"xxxwtf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/inpagepush.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:37.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/inpagepush.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxwtf.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 07:03:37 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxOMsAVwX__SfpwEeJLck19L1RJA_dK1emsk-6o3jkEXKCyKpfwZgDJnVzz-Z4v07vDntsEqgA0\r\nx-goog-generation: 1765975984005115\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 41812\r\nx-goog-hash: crc32c=Pu1qMQ==, md5=5/DbJusFVQKjxxf6Ivr1Ng==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: cloudflare\r\nexpires: Fri, 02 Jan 2026 08:03:37 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:53:04 GMT\r\nvary: accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\nage: 2960\r\ncf-cache-status: HIT\r\netag: W/\"e7f0db26eb055502a3c717fa22faf536\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b7865cceb64b4f7-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41812,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (41811)","md5":"e7f0db26eb055502a3c717fa22faf536","sha1":"b965b83fc70e9098f6220f3896069100044e8b08","sha256":"d292485d1173d3ff605da3b3bec11c71156112a984eb891cceaebe215fa2f541","sha512":"fe6d5d4b0fa356ff2dd7b9a4c08163b25eb644abddc7cffe09e7a5112462b471a903f92e4aeaa920a6f0ce98b2bf54326cef6edb1e188e144e79107108961ca0","ssdeep":"768:a+bOIVSpFggvVZm5B1kp7yu1MOWCiXY26l708UzUSU7w0GRakGqq2UFAoZ3NMpBf:rOIVSp1GawV8kXHUFAoZ3NMpBinKHfVn","tlshash":"5b136f453e40c6573309cabfb533b8d4e3c60a6ab425169bab04bc8465c1a77faf6473","first_seen":"2025-12-17T19:33:45.31756Z","last_seen":"2026-01-13T12:29:41.97411Z","times_seen":97,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/push.php?r=10445558\u0026ipp=1\u0026mads=2\u0026position=top\u0026srs=f96a4f80644d154f448bd5ae36088af3\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026cbpage=https%3A%2F%2Fxxxwtf.com%2F\u0026atv=74.0\u0026cbref=\u0026btp=0.01","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxwtf.com/","date":"2026-01-02T07:03:37.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 23:08:46 GMT","end":"Sat, 07 Mar 2026 00:07:30 GMT"},"fingerprint":{"sha1":"D5:B9:71:11:A1:C5:BD:EA:60:68:49:87:01:4B:0B:CB:81:8B:FA:6C","sha256":"66:19:A7:E1:FD:B7:41:C7:AE:CB:33:20:81:70:04:52:48:C8:D0:0E:66:96:B3:F7:FE:B5:FC:10:FE:48:0A:44"}}},"request":{"raw":"GET /script/push.php?r=10445558\u0026ipp=1\u0026mads=2\u0026position=top\u0026srs=f96a4f80644d154f448bd5ae36088af3\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026cbpage=https%3A%2F%2Fxxxwtf.com%2F\u0026atv=74.0\u0026cbref=\u0026btp=0.01 HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxwtf.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxwtf.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 02 Jan 2026 07:03:38 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NQLSnjue2hSIztHzdZWKtTJJhsX7RornXp3VxRWxuWjqzD6cf9uC9HDH9ZcCC6QBdugrmfnt8lL60FLWe4D2Y8xdYv%2FhhjXkkWMOzi5jeu8K\"}]}\r\ncf-ray: 9b7865ceb853568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1848,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"4f26fc6b7dc664ea13e308c925584443","sha1":"464eb787b8d8971bb4fb9d814a2d6d8f9acf4d00","sha256":"6ec103cb9ae120c566913dfcb0db8be01b549c61aa157a16ea4fd98fa2858949","sha512":"daa7862d6151e42fb7dc401c7a4c901993bde8c253a0dd197309ba1b5af094f2333418616e8eb0522c44f7db360d7fbd384e92cb0815e8558b7da9b2adb4c44c","ssdeep":"","tlshash":"37312d091c944cda529e3b9e192fe52f1ca77102a6941431009ef432f57cc77ca3703a","first_seen":"2026-01-02T07:04:01.565848Z","last_seen":"2026-01-02T07:04:01.565848Z","times_seen":1,"resource_available":false,"data":null}},"time_used":281,"timings":{"blocked":38,"dns":4,"connect":1,"send":0,"wait":197,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}