{"report_id":"6ea77cec-c8db-4b42-b996-631882493eea","version":6,"status":"done","tags":[],"date":"2025-08-16T21:37:39Z","url":{"schema":"http","addr":"login.nsfwverif.icu/login?redirect_to=/oauth2/authorize?client_id=512333785338216465\u0026redirect_uri=https://captcha.bot/callback\u0026response_type=code\u0026scope=identify%20guilds%20guilds.members.read%20role_connections.write\u0026state==0TPRZWanpWT4BDVaZDbyM2LZdVYuVzQOVzZE1UerpXWpZFRaJTWtpVaapWWyU0Vah3Y65UasRUT5FlMOVTSUlle4YVW2lleNRTQE5kMFpmTy0EVPFzaq5ENBR1T4VkeMpXNyImasJDT0ljMZVXQINGaS12Y25kMjBnUtxUdSJTW2hTaPpnQIRGMo1WS2kUaiZnTXFWa3lWT6lkaNZTS5NWeW1WW0Z1Vil2dplUerRlSFhGVKdEbUp0dZVlS3lEVKpXSUp0dJRlS4tGVKVEaUp0RsRlS3lVVKdXSUpENFpWU5V1QNlXVTJGaOdUZ61ESNlXVTpFc4dVZMJkaNxWQqFFbFV0TslEVSxWQq1EbVRVUsVVRPxWWV9EbBpmUslUaPlWVXJGa10WSzlleNlXQ65ENBR0T6VFVONTRq9UaNhlW5x2RjRjVtl0cJN0T1cGRPVTUE9UNjRUT0cGVPRTQq50dRRVTp9maJtGbFRWdWdVYz5UbJNXSp5kenRUTwkFVNJTW61UNVR1TycGRNVTRU1UavpWSrxWRaNHbXRmbKlXZ","fqdn":"login.nsfwverif.icu","domain":"nsfwverif.icu","tld":"icu"},"ip":{"addr":"172.67.201.105","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"leakher.vip/","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"title":"LeakHer"},"submit":{"url":{"schema":"http","addr":"login.nsfwverif.icu/login?redirect_to=/oauth2/authorize?client_id=512333785338216465\u0026redirect_uri=https://captcha.bot/callback\u0026response_type=code\u0026scope=identify%20guilds%20guilds.members.read%20role_connections.write\u0026state==0TPRZWanpWT4BDVaZDbyM2LZdVYuVzQOVzZE1UerpXWpZFRaJTWtpVaapWWyU0Vah3Y65UasRUT5FlMOVTSUlle4YVW2lleNRTQE5kMFpmTy0EVPFzaq5ENBR1T4VkeMpXNyImasJDT0ljMZVXQINGaS12Y25kMjBnUtxUdSJTW2hTaPpnQIRGMo1WS2kUaiZnTXFWa3lWT6lkaNZTS5NWeW1WW0Z1Vil2dplUerRlSFhGVKdEbUp0dZVlS3lEVKpXSUp0dJRlS4tGVKVEaUp0RsRlS3lVVKdXSUpENFpWU5V1QNlXVTJGaOdUZ61ESNlXVTpFc4dVZMJkaNxWQqFFbFV0TslEVSxWQq1EbVRVUsVVRPxWWV9EbBpmUslUaPlWVXJGa10WSzlleNlXQ65ENBR0T6VFVONTRq9UaNhlW5x2RjRjVtl0cJN0T1cGRPVTUE9UNjRUT0cGVPRTQq50dRRVTp9maJtGbFRWdWdVYz5UbJNXSp5kenRUTwkFVNJTW61UNVR1TycGRNVTRU1UavpWSrxWRaNHbXRmbKlXZ","fqdn":"login.nsfwverif.icu","domain":"nsfwverif.icu","tld":"icu"},"ip":{"addr":"172.67.201.105","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-20T21:37:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":13,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:15Z","timestamp":1755380235,"ip_dst":{"addr":"172.67.201.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":48396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:15.240106+0000\",\"flow_id\":1330993085242363,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":48396,\"dest_ip\":\"172.67.201.105\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"login.nsfwverif.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3446,\"start\":\"2025-08-16T21:37:15.220155+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60664,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.802421+0000\",\"flow_id\":440573350424138,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60664,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.503370+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60664,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.802421+0000\",\"flow_id\":440573350424138,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60664,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.503370+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60698,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.805264+0000\",\"flow_id\":48910987737943,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60698,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.506711+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60698,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.805264+0000\",\"flow_id\":48910987737943,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60698,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.506711+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60676,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.811755+0000\",\"flow_id\":1970844428186116,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60676,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.504324+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60676,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.811755+0000\",\"flow_id\":1970844428186116,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60676,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.504324+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60678,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.815126+0000\",\"flow_id\":477398400021948,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60678,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.505276+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60678,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.815126+0000\",\"flow_id\":477398400021948,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60678,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.505276+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60686,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.820379+0000\",\"flow_id\":1225916710434942,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60686,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.505982+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60686,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.820379+0000\",\"flow_id\":1225916710434942,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60686,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.505982+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60704,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.828227+0000\",\"flow_id\":1627908469473138,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60704,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.507762+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60704,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.828227+0000\",\"flow_id\":1627908469473138,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60704,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.507762+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"files.catbox.moe","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2015-04-06","domain_rank":519029,"first_seen":"2015-06-29T23:27:11Z","last_seen":"2025-08-15T01:57:40.996631Z","alert_count":0,"request_count":14,"received_data":8638896,"sent_data":6500,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"login.nsfwverif.icu","ip":{"addr":"172.67.201.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-11","domain_rank":0,"first_seen":"2025-08-16T21:37:40.513896Z","last_seen":"2025-08-16T21:37:40.513896Z","alert_count":0,"request_count":1,"received_data":94883,"sent_data":1247,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.sell.app","ip":{"addr":"172.66.46.224","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-05-04","domain_rank":0,"first_seen":"2022-09-02T22:59:05Z","last_seen":"2025-08-09T22:48:05.52147Z","alert_count":0,"request_count":1,"received_data":88812,"sent_data":426,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"grainy-gradients.vercel.app","ip":{"addr":"64.29.17.131","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2020-01-28","domain_rank":0,"first_seen":"2021-12-27T06:18:07Z","last_seen":"2025-08-09T22:48:05.485401Z","alert_count":0,"request_count":1,"received_data":985,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"leakher.vip","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-18","domain_rank":5021140,"first_seen":"2025-07-14T20:08:51.768768Z","last_seen":"2025-08-09T22:48:05.505677Z","alert_count":0,"request_count":8,"received_data":1840991,"sent_data":3575,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:15Z","timestamp":1755380235,"ip_dst":{"addr":"172.67.201.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":48396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:15.240106+0000\",\"flow_id\":1330993085242363,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":48396,\"dest_ip\":\"172.67.201.105\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"login.nsfwverif.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3446,\"start\":\"2025-08-16T21:37:15.220155+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60664,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.802421+0000\",\"flow_id\":440573350424138,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60664,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.503370+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60664,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.802421+0000\",\"flow_id\":440573350424138,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60664,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.503370+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60698,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.805264+0000\",\"flow_id\":48910987737943,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60698,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.506711+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60698,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.805264+0000\",\"flow_id\":48910987737943,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60698,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.506711+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60676,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.811755+0000\",\"flow_id\":1970844428186116,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60676,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.504324+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60676,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.811755+0000\",\"flow_id\":1970844428186116,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60676,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.504324+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60678,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.815126+0000\",\"flow_id\":477398400021948,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60678,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.505276+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60678,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.815126+0000\",\"flow_id\":477398400021948,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60678,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.505276+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60686,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.820379+0000\",\"flow_id\":1225916710434942,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60686,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.505982+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60686,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.820379+0000\",\"flow_id\":1225916710434942,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60686,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.505982+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60704,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-08-16T21:37:16.828227+0000\",\"flow_id\":1627908469473138,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60704,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.507762+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-16T21:37:16Z","timestamp":1755380236,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":60704,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-08-16T21:37:16.828227+0000\",\"flow_id\":1627908469473138,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":60704,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-08-16T21:37:16.507762+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"leakher.vip/","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7eaf6be4728832feff78bb7ac821460d","sha1":"4f606ce613a0a4dfd083d037aa00acb4cb9846d3","sha256":"1cc3a38a30a63d853e942e1684e6fddafce12b6cc9ae5d5c262fa83ae242efe2","sha512":"2521dcc8b7d9807b0ca07519bff2844ce6352548b6d28985c9900cfe94dbfb4d3d5ee8b8f0d01e40a27cab71789b55445b7622c4355f45d8054abb84a97ef41b","ssdeep":"1536:fwbc8PqyLf8TyNIM71rWdfqo7j42A+iDq+8evmyj4x16NkE8gBPM45Qbaeyc+iiC:Ybc8Prf8Typ71rWdfqo7j42A+iDq+8e+","tlshash":"c893547ae5876c5cc72f5145a1e741cbaf4046894f885838f962ba12e1fb8ccb1df362","size":91811,"data":"","first_seen":"2025-08-15T09:32:36.406799Z","last_seen":"2025-08-26T04:27:44.405924Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e37e6dedd7233aff453f026c559f594c","sha1":"66be6c01398c3924f82df5b63c7f31116ffc25ad","sha256":"80c900fadf359f998e73f5095eea2a5e54f1ed39636381813eb663d021f59b74","sha512":"41a885b6d4023dd85be7f2f2030ae4f1d86f0b181657ab6daeed0585e2ed94690979889ccde5fdc5061dd7bea14b580a5f73e41f8f8474a05f7b0c8b60c51723","ssdeep":"1536:fbg3pydfWTyZIK71r05fqo7j42g+iDq+mevmyd2V1yNkO8gBPM45Wbaeyc+ii8Lv:fbgOfWTyb71r05fqo7j42g+iDq+mevmd","tlshash":"0f9365bae187ac5cc62f454561f749cbaf4046894f885834f962fa12e1f78dcb1ce362","size":93125,"data":"","first_seen":"2025-08-15T09:32:36.4041Z","last_seen":"2025-08-26T04:27:44.405385Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/assets/index-CcHQJITL.js","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"baf26119d705f162bdd96a3031af6619","sha1":"62f1ecbae20b74560c28bcd50a0e64265bdaebfc","sha256":"2a85b7d1c59fcc3b6a34bfabeb4220245b327a2b0cce3b414faf5d022919615f","sha512":"4fcd453172b3af95df57972edcd55eeb50e1794d703edd8fde467d4b35d423cbdb7115d522bd9af22c98de69e92b8e750cf330b5bb2abef922a3840dbce6d42a","ssdeep":"6144:P/IWKSqctIrbZ8i8IE/hn08iMmhb3mVoe2xHtcsy1W/i1tl5yk8X680HdD0ACdDF:RlerbZN8IWhn08iPhb3mVoe2xHtcsy1A","tlshash":"4c643d98b284baadffe705e1556f6445b03e0a7add0e88a0e138e82527f444d7127fdc","size":309674,"data":"","first_seen":"2025-08-15T09:32:36.400572Z","last_seen":"2025-08-26T04:27:44.39952Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/cdn.sell.app/embed/script.js","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"18403ac800624360de43c38e34ee01c6","sha1":"8865cff5abce7ede48990a9fb4f5d43dfedfba26","sha256":"84aea134a9c4ccd607aa725ae89674a16257663a064c565f37d6ab1d876f3986","sha512":"515f9cc46aa1b106a2dca1e34972bf8f6954cefccf72d26478eee1114e2fdd6648623c1ffb3a76eee93756f592e2f4376757314d45c19437e7b80faca8031dfc","ssdeep":"6144:4x5nCQ8Uwyja/4r3qnZKVU0OA0KL9ORV7jI/S/PmQJWaxqUravweubH60Y3R19Dt:4x9CQ8Ia/4QAOcKPmsM0kDbsUFnXY9B8","tlshash":"9ec4c55876f224354217e0795e1fcc09b239a40f69a9edd87a8d52a42f4c43ca3f7bd8","size":568496,"data":"","first_seen":"2025-07-14T20:08:56.679632Z","last_seen":"2025-10-25T22:53:58.689947Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"leakher.vip/cdn.sell.app/embed/style.css","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:15.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leakher.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Jun 2025 16:19:22 GMT","end":"Sat, 20 Sep 2025 17:17:49 GMT"},"fingerprint":{"sha1":"06:5A:F0:14:96:40:AB:3D:F6:70:7D:19:02:35:DB:A9:E3:66:84:FC","sha256":"83:4C:C3:45:D7:B3:62:E7:BF:4F:02:64:6D:65:B8:20:9C:BD:FB:3F:05:94:7B:C6:2A:6E:BB:C5:D1:0E:8C:D9"}}},"request":{"raw":"GET /cdn.sell.app/embed/style.css HTTP/1.1\r\nHost: leakher.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 16 Aug 2025 21:37:16 GMT\r\ncontent-type: text/css; charset=utf-8\r\nserver: cloudflare\r\ncache-control: public, max-age=14400\r\nlast-modified: Wed, 18 Jun 2025 19:01:44 GMT\r\netag: W/\"15719-197846b25c0\"\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FfTEcuXzmJ%2FycoJNVvaZOjiKXp02X6aZkvJ3wYF%2Bd9sIkYcn0L713u6rGw%2FjBolDcULorru4PGhEy2Rn%2BwJu6R6fIMu7EsDBnllo\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9704126ab93ca61f-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87833,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65528), with no line terminators","md5":"381752db6ae298e5791b04c9e56b4c68","sha1":"b5b600deaf6a85a7c1c9e50ef0da0d912b4a4373","sha256":"9c4d25b4cd3ef7c07bc2c42baa608462f5c2a5e23c4600461f1488dfcae336d4","sha512":"ec0dcba6c5ef865c7b9bb14fccb88877394130e287f92797909e2c65f1b73752c8cc4fd9c9fd5fbc9069c4e2a56633ca10e66ae0d918b224cc52e84214834985","ssdeep":"768:9S5W08vkGYljz/ZqanjNe+EbuPL6tj6ySVMJfe0Ld:9S5W07EYmYy5s0Z","tlshash":"bc832296f3b0993a2c37a59d5d98b57f3b2f655097600fe4a951b3205fc26eb3e83008","first_seen":"2025-07-14T20:08:56.673836Z","last_seen":"2026-01-28T03:05:31.710961Z","times_seen":25,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":133,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/cdn.sell.app/embed/script.js","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:15.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leakher.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Jun 2025 16:19:22 GMT","end":"Sat, 20 Sep 2025 17:17:49 GMT"},"fingerprint":{"sha1":"06:5A:F0:14:96:40:AB:3D:F6:70:7D:19:02:35:DB:A9:E3:66:84:FC","sha256":"83:4C:C3:45:D7:B3:62:E7:BF:4F:02:64:6D:65:B8:20:9C:BD:FB:3F:05:94:7B:C6:2A:6E:BB:C5:D1:0E:8C:D9"}}},"request":{"raw":"GET /cdn.sell.app/embed/script.js HTTP/1.1\r\nHost: leakher.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 16 Aug 2025 21:37:16 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\ncache-control: public, max-age=14400\r\nlast-modified: Wed, 18 Jun 2025 19:01:44 GMT\r\netag: W/\"8acb0-197846b25c0\"\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=neofvuh7XGgLdMfNaYC6inwTRlG1CfmO0zV7gZF5MZeXJ62PHsMMfAZyDsPtzQymgeeZqOS9TaFg5yMEzKvfwE8zqyvBNDYbUChW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9704126ab93ea61f-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":568496,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (650)","md5":"18403ac800624360de43c38e34ee01c6","sha1":"8865cff5abce7ede48990a9fb4f5d43dfedfba26","sha256":"84aea134a9c4ccd607aa725ae89674a16257663a064c565f37d6ab1d876f3986","sha512":"515f9cc46aa1b106a2dca1e34972bf8f6954cefccf72d26478eee1114e2fdd6648623c1ffb3a76eee93756f592e2f4376757314d45c19437e7b80faca8031dfc","ssdeep":"6144:4x5nCQ8Uwyja/4r3qnZKVU0OA0KL9ORV7jI/S/PmQJWaxqUravweubH60Y3R19Dt:4x9CQ8Ia/4QAOcKPmsM0kDbsUFnXY9B8","tlshash":"9ec4c55876f224354217e0795e1fcc09b239a40f69a9edd87a8d52a42f4c43ca3f7bd8","first_seen":"2025-07-14T20:08:56.679632Z","last_seen":"2025-10-25T22:53:58.689947Z","times_seen":23,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":338,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/im1ogg.gif?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.462Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /im1ogg.gif?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/caomou.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.465Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /caomou.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/rkdj1y.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.468Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /rkdj1y.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/czfca2.gif?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catbox.moe","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Jun 2025 11:08:10 GMT","end":"Tue, 16 Sep 2025 11:08:09 GMT"},"fingerprint":{"sha1":"33:3E:8D:4D:F7:DC:73:DB:55:AC:AD:72:1E:50:44:B2:05:AA:31:69","sha256":"DB:77:F5:0F:AE:B8:01:63:0A:B0:44:F7:59:12:A7:3C:A6:81:BF:F5:CB:D7:AB:3C:2C:D7:2D:36:16:2C:4C:C0"}}},"request":{"raw":"GET /czfca2.gif?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 16 Aug 2025 21:37:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 4261492\r\nlast-modified: Tue, 15 Apr 2025 19:09:56 GMT\r\netag: \"67feaf04-410674\"\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4261492,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 680 x 381","md5":"aa5f0f50283576fd192898998273566d","sha1":"2341ab79bef3cf1c914d6b810826e867da9d01b9","sha256":"ea523066d1148c1a75a357414bd8cf4d3d2deac3e578ce0b032e3584038b11bc","sha512":"1fd31acb4214bde03d8eaa0a71116542cbd8c23e693cda455cb01fafe02b51e16d3e5b5248da702d039a0c947c2a574812bb09064636c7213403b2b936738ba5","ssdeep":"24576:68OA0IEK9iBs4JDcBVNXIn59YZDqTjZUQwnyHlr:IKwBsUElIEytrlr","tlshash":"cc252356963ea3a78c42a0d067d4d0043732e9b71a1bdc64d42e9a35d7e6b26fcb1ccc","first_seen":"2025-07-27T16:40:11.158531Z","last_seen":"2025-08-26T04:27:44.403384Z","times_seen":16,"resource_available":false,"data":null}},"time_used":2459,"timings":{"blocked":498,"dns":0,"connect":0,"send":0,"wait":600,"receive":1361,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/assets/index-CcHQJITL.js","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:15.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leakher.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Jun 2025 16:19:22 GMT","end":"Sat, 20 Sep 2025 17:17:49 GMT"},"fingerprint":{"sha1":"06:5A:F0:14:96:40:AB:3D:F6:70:7D:19:02:35:DB:A9:E3:66:84:FC","sha256":"83:4C:C3:45:D7:B3:62:E7:BF:4F:02:64:6D:65:B8:20:9C:BD:FB:3F:05:94:7B:C6:2A:6E:BB:C5:D1:0E:8C:D9"}}},"request":{"raw":"GET /assets/index-CcHQJITL.js HTTP/1.1\r\nHost: leakher.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 16 Aug 2025 21:37:16 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 11 Aug 2025 16:32:29 GMT\r\netag: W/\"4b9aa-19899f9ea7c\"\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kot8DmllPVJRWp22Vv%2BAIh88WUtMOgO1flry%2F03V4i%2FJbaPJ8LSNb8artP0AWlj93alTZ1vGZLSNGOPbHKXTIBtaYZNuhPXRngW7\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9704126aa934a61f-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":309674,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37527)","md5":"baf26119d705f162bdd96a3031af6619","sha1":"62f1ecbae20b74560c28bcd50a0e64265bdaebfc","sha256":"2a85b7d1c59fcc3b6a34bfabeb4220245b327a2b0cce3b414faf5d022919615f","sha512":"4fcd453172b3af95df57972edcd55eeb50e1794d703edd8fde467d4b35d423cbdb7115d522bd9af22c98de69e92b8e750cf330b5bb2abef922a3840dbce6d42a","ssdeep":"6144:P/IWKSqctIrbZ8i8IE/hn08iMmhb3mVoe2xHtcsy1W/i1tl5yk8X680HdD0ACdDF:RlerbZN8IWhn08iPhb3mVoe2xHtcsy1A","tlshash":"4c643d98b284baadffe705e1556f6445b03e0a7add0e88a0e138e82527f444d7127fdc","first_seen":"2025-08-15T09:32:36.400572Z","last_seen":"2025-08-26T04:27:44.39952Z","times_seen":8,"resource_available":true,"data":null}},"time_used":430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":279,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/qm58lu.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.457Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /qm58lu.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/czfca2.gif?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.459Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /czfca2.gif?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/cy4w4w.webp?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catbox.moe","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Jun 2025 11:08:10 GMT","end":"Tue, 16 Sep 2025 11:08:09 GMT"},"fingerprint":{"sha1":"33:3E:8D:4D:F7:DC:73:DB:55:AC:AD:72:1E:50:44:B2:05:AA:31:69","sha256":"DB:77:F5:0F:AE:B8:01:63:0A:B0:44:F7:59:12:A7:3C:A6:81:BF:F5:CB:D7:AB:3C:2C:D7:2D:36:16:2C:4C:C0"}}},"request":{"raw":"GET /cy4w4w.webp?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 16 Aug 2025 21:37:17 GMT\r\ncontent-type: image/webp\r\ncontent-length: 70158\r\nlast-modified: Tue, 15 Apr 2025 19:20:19 GMT\r\netag: \"67feb173-1120e\"\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70158,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 680x400, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5b3ef932e0d58eb43afca217cc5beb01","sha1":"0919f3003559e85d9f8276c751dae9fc04fec240","sha256":"72c33a3d79db5d673c05e9e2442fad8b80e439c5494bd0e5b85a77e8c971d5c9","sha512":"c8b55bc3e3885d0dba1f9fb6da7af046a64c9e1ec17405408c685967a4b2b1791d103d1948970d801d0189ecf37411a0a93653e8a104c55a6b638814174150a0","ssdeep":"1536:zh1TD9X6/e4FkId2dTuIY2R/JhCz8ong4TQgrmt05DUGEj1Sg9q:zr1XSkhR/Jsz5T1mttpnq","tlshash":"b26302910f4df0a6e346bbe4c4b44d9681b4f384298f9eafa2d4c1af0e55b3c16191f2","first_seen":"2025-07-14T20:08:56.671551Z","last_seen":"2025-08-26T04:27:44.397512Z","times_seen":21,"resource_available":false,"data":null}},"time_used":1398,"timings":{"blocked":498,"dns":0,"connect":0,"send":0,"wait":604,"receive":296,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/rkdj1y.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catbox.moe","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Jun 2025 11:08:10 GMT","end":"Tue, 16 Sep 2025 11:08:09 GMT"},"fingerprint":{"sha1":"33:3E:8D:4D:F7:DC:73:DB:55:AC:AD:72:1E:50:44:B2:05:AA:31:69","sha256":"DB:77:F5:0F:AE:B8:01:63:0A:B0:44:F7:59:12:A7:3C:A6:81:BF:F5:CB:D7:AB:3C:2C:D7:2D:36:16:2C:4C:C0"}}},"request":{"raw":"GET /rkdj1y.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 16 Aug 2025 21:37:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 637068\r\nlast-modified: Tue, 15 Apr 2025 19:46:27 GMT\r\netag: \"67feb793-9b88c\"\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":637068,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 873 x 493, 8-bit/color RGBA, non-interlaced","md5":"1a38ab7b0db2b88689a01e92adee7e96","sha1":"fb16a93c3f7df1d59aac0048c69e223f448b360e","sha256":"a2ac47774b602133eecb9ad74c05a447163f973e98f4e986dc4abbb208326b4b","sha512":"fc7c913ed1ce346c899816f5fdbdd2c7c8c1bf64beaaab6e52c85c16bced4da38d9bd3ae1f30b43073fd6d47ec5443ebf20fe926bf3f16900341c8e1b7a00a12","ssdeep":"12288:JzudClGz1NZCB/yCbXEpNDb+RQNpQvhLp9ZD7uEymCmSjxleENZHrxKsQp6:YGGz3ZCB/ygU32QNpKLpbimS1EENXaU","tlshash":"efd423f251c3b6bbc3eb931c2389c2166a5f69d66be500d1b62f7709b7f0c1e9428056","first_seen":"2025-07-14T20:08:56.672755Z","last_seen":"2025-08-26T04:27:44.395542Z","times_seen":21,"resource_available":false,"data":null}},"time_used":2211,"timings":{"blocked":491,"dns":0,"connect":148,"send":0,"wait":153,"receive":1062,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-16T21:37:15.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leakher.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Jun 2025 16:19:22 GMT","end":"Sat, 20 Sep 2025 17:17:49 GMT"},"fingerprint":{"sha1":"06:5A:F0:14:96:40:AB:3D:F6:70:7D:19:02:35:DB:A9:E3:66:84:FC","sha256":"83:4C:C3:45:D7:B3:62:E7:BF:4F:02:64:6D:65:B8:20:9C:BD:FB:3F:05:94:7B:C6:2A:6E:BB:C5:D1:0E:8C:D9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: leakher.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 16 Aug 2025 21:37:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=0\r\nlast-modified: Mon, 11 Aug 2025 16:34:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wm4RPjq2KxHy%2Fp5AMo%2F7XS31JQETMbSBqxtlAGGZsKi9sBHChpD7PowNmaidCad60xLdc%2FrDT0Q6MAqWbqDNzzlVDxoFEvgEmOjv\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 97041267bf0fe86a-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":94280,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (64398)","md5":"5b3f397ce0354a712dc43f8fb07d5b10","sha1":"f03ed4bb6f14ab4335cba78a4973107d25d47a15","sha256":"49c62129693cdc4a05006fd019a2979a769e1fa4b64de1b0ccc1171e6f4166f2","sha512":"9e02446760331b1606853fb4426df13ee54311da4f3d7634e40a818624507d642797c8fcc4d5c815f5eb54cecda03baf67d9063182168de88d908d5573e4585e","ssdeep":"1536:Mbg3pydfWTyZIK71r05fqo7j42g+iDq+mevmyd2V1yNkO8gBPM45Wbaeyc+ii8LV:MbgOfWTyb71r05fqo7j42g+iDq+mevm/","tlshash":"749376bae187ac1cc62f454561f749cbaf4046894f885834f962fa12e1f78dcb1de362","first_seen":"2025-08-15T09:32:36.388425Z","last_seen":"2025-08-26T04:27:44.396263Z","times_seen":8,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":59,"dns":21,"connect":10,"send":0,"wait":150,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/images/nature-landscape.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.454Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leakher.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Jun 2025 16:19:22 GMT","end":"Sat, 20 Sep 2025 17:17:49 GMT"},"fingerprint":{"sha1":"06:5A:F0:14:96:40:AB:3D:F6:70:7D:19:02:35:DB:A9:E3:66:84:FC","sha256":"83:4C:C3:45:D7:B3:62:E7:BF:4F:02:64:6D:65:B8:20:9C:BD:FB:3F:05:94:7B:C6:2A:6E:BB:C5:D1:0E:8C:D9"}}},"request":{"raw":"GET /images/nature-landscape.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: leakher.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/cy4w4w.webp?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.461Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cy4w4w.webp?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/images/nature-landscape.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leakher.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Jun 2025 16:19:22 GMT","end":"Sat, 20 Sep 2025 17:17:49 GMT"},"fingerprint":{"sha1":"06:5A:F0:14:96:40:AB:3D:F6:70:7D:19:02:35:DB:A9:E3:66:84:FC","sha256":"83:4C:C3:45:D7:B3:62:E7:BF:4F:02:64:6D:65:B8:20:9C:BD:FB:3F:05:94:7B:C6:2A:6E:BB:C5:D1:0E:8C:D9"}}},"request":{"raw":"GET /images/nature-landscape.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: leakher.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 16 Aug 2025 21:37:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 628761\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Wed, 18 Jun 2025 19:06:24 GMT\r\netag: W/\"99819-197846f6c32\"\r\ncf-cache-status: EXPIRED\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QvyhnquuSo%2FmVvXdop%2Fztj4K%2FDLxoD36WScCcqNlQEjJPN16OFUlt2Xs68sVA2BYA0UnOkyp6aXF08TvNQyfFpXqoRvjJZ3wpIiw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9704126e2ee3a61f-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":628761,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 875 x 487, 8-bit/color RGBA, non-interlaced","md5":"e123f5b4e9aa632e4265d460d95eb93a","sha1":"23589446e0e60337739a9585b78bacf942106f6d","sha256":"bff92f543e44ba1a710b5e274d07dbf47f82b9248e94253354a7c356d1e0404b","sha512":"aded3ed580b9c821f70723ad78ef6c17dec86ac83894b0df4253d3c768bcb6b807076369f04929353157d74c4422f10af1ca39c40b2680ebd3dced019cafbf72","ssdeep":"12288:5/6ZHjFnPrQrwBZBnNGR92pjnrrPvkOg61f27uQSjwMPGs:t6ZHJnMEJNGP2FMOpdQiwMPB","tlshash":"a5d423293f9180d94c139b722d71ec19e59d1247007efafac699ccefea88f951874984","first_seen":"2025-07-14T20:08:56.680823Z","last_seen":"2025-08-26T04:27:44.400138Z","times_seen":21,"resource_available":false,"data":null}},"time_used":594,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":367,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/qm58lu.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catbox.moe","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Jun 2025 11:08:10 GMT","end":"Tue, 16 Sep 2025 11:08:09 GMT"},"fingerprint":{"sha1":"33:3E:8D:4D:F7:DC:73:DB:55:AC:AD:72:1E:50:44:B2:05:AA:31:69","sha256":"DB:77:F5:0F:AE:B8:01:63:0A:B0:44:F7:59:12:A7:3C:A6:81:BF:F5:CB:D7:AB:3C:2C:D7:2D:36:16:2C:4C:C0"}}},"request":{"raw":"GET /qm58lu.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 16 Aug 2025 21:37:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 627392\r\nlast-modified: Tue, 15 Apr 2025 19:05:04 GMT\r\netag: \"67feade0-992c0\"\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":627392,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 870 x 498, 8-bit/color RGBA, non-interlaced","md5":"e4fb5ad80a7383a56cf3dd24e97d7631","sha1":"9f4c5014610be70ff2421062f284fff693b7baa4","sha256":"1f49393a2d23e28adcccb0e9f898cba58788641ade2b2cb67cdf308ad48dec1a","sha512":"a6cead7d2bb8ea2b6acca25a416c67871a70273a55d57bee3299ecd5a0f857c888c5f57b81d9e119fcc7b4bd0b567896d068703d7cfd5ebf75e3f1ad9eb75cf8","ssdeep":"12288:FnnGMRtTg3mDuPGP5YW/dut4C9FRZcQwUsH5UJ0y62DhlBatExISQm/xL:FDtimDFYWVub9LZ3wUsZ5y6ws6bJ","tlshash":"dad4237508727e605da670fe6ed6c336c4c16e2a3c55f519b121fbe143a82ae1fb00d9","first_seen":"2025-07-14T20:08:56.686242Z","last_seen":"2025-08-26T04:27:44.402876Z","times_seen":21,"resource_available":false,"data":null}},"time_used":1867,"timings":{"blocked":499,"dns":0,"connect":0,"send":0,"wait":599,"receive":769,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/im1ogg.gif?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catbox.moe","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Jun 2025 11:08:10 GMT","end":"Tue, 16 Sep 2025 11:08:09 GMT"},"fingerprint":{"sha1":"33:3E:8D:4D:F7:DC:73:DB:55:AC:AD:72:1E:50:44:B2:05:AA:31:69","sha256":"DB:77:F5:0F:AE:B8:01:63:0A:B0:44:F7:59:12:A7:3C:A6:81:BF:F5:CB:D7:AB:3C:2C:D7:2D:36:16:2C:4C:C0"}}},"request":{"raw":"GET /im1ogg.gif?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 16 Aug 2025 21:37:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 2382238\r\nlast-modified: Tue, 15 Apr 2025 19:33:43 GMT\r\netag: \"67feb497-24599e\"\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2382238,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 680 x 389","md5":"1324318a016b120c4b4507ddbff35a0b","sha1":"5c94bb0b7b6e420c76504edfc8dbbcc42dc4cd1a","sha256":"8252427a757221413a1d319f53df489425d54c87ba5a606f1ea2f9cdcda6810d","sha512":"4c05eaf341cc516afd52fa528dea1ac74f5f1aff3646fd53669db8684939058bb703cc21d7e0c0375d04a2fb6d405799721ac084fdc1480e07792c3f739148c7","ssdeep":"24576:5d3DnrvpZsPOczYHe9HrmT3SjhqXHTI2dTl:Xf8zEHe9L7j4XndTl","tlshash":"f82533390f64ad11fa87f1485c0b45da3d3cb52fda0ff9a4a5512a1f5aa6805f828cb3","first_seen":"2025-07-27T16:40:11.153832Z","last_seen":"2025-08-26T04:27:44.404545Z","times_seen":16,"resource_available":false,"data":null}},"time_used":2114,"timings":{"blocked":497,"dns":0,"connect":0,"send":0,"wait":604,"receive":1013,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/caomou.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catbox.moe","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Jun 2025 11:08:10 GMT","end":"Tue, 16 Sep 2025 11:08:09 GMT"},"fingerprint":{"sha1":"33:3E:8D:4D:F7:DC:73:DB:55:AC:AD:72:1E:50:44:B2:05:AA:31:69","sha256":"DB:77:F5:0F:AE:B8:01:63:0A:B0:44:F7:59:12:A7:3C:A6:81:BF:F5:CB:D7:AB:3C:2C:D7:2D:36:16:2C:4C:C0"}}},"request":{"raw":"GET /caomou.png?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 16 Aug 2025 21:37:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 568690\r\nlast-modified: Tue, 15 Apr 2025 19:45:33 GMT\r\netag: \"67feb75d-8ad72\"\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":568690,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 870 x 492, 8-bit/color RGBA, non-interlaced","md5":"2a3174f47ef3242ff51cb21da9845af4","sha1":"6c1046ee45d9dbfd97cfd247afee68cf68c067ae","sha256":"5f9f7ca8a79f621c91f37cbbe4ea21988214f3c42819607a4575f5aedc96ae70","sha512":"5567d18538fbccfe691a6b5933ba7156de5de587ea7ab24adfcf3cfdd344e52f15c1e2afa9aef6b889f93994f8137f58ae6fe7f88b547a9550f4cc395ff177bf","ssdeep":"12288:XYACoSUO8nwS3g+QkCAol6ZvnoAfsEA/R0eMmYFU0SJnb2St0L:pIUO8nwS3v9ZFBsEA/VMmrrnSSGL","tlshash":"9cc423f55bd6ccb2fb742723613a398f417c2451c2a2fe9602e5067cb152292ab27c7d","first_seen":"2025-07-14T20:08:56.675395Z","last_seen":"2025-08-26T04:27:44.398059Z","times_seen":21,"resource_available":false,"data":null}},"time_used":1872,"timings":{"blocked":505,"dns":0,"connect":0,"send":0,"wait":735,"receive":632,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/xjtgiu.jpeg?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catbox.moe","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Jun 2025 11:08:10 GMT","end":"Tue, 16 Sep 2025 11:08:09 GMT"},"fingerprint":{"sha1":"33:3E:8D:4D:F7:DC:73:DB:55:AC:AD:72:1E:50:44:B2:05:AA:31:69","sha256":"DB:77:F5:0F:AE:B8:01:63:0A:B0:44:F7:59:12:A7:3C:A6:81:BF:F5:CB:D7:AB:3C:2C:D7:2D:36:16:2C:4C:C0"}}},"request":{"raw":"GET /xjtgiu.jpeg?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 16 Aug 2025 21:37:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 88109\r\nlast-modified: Tue, 15 Apr 2025 19:52:06 GMT\r\netag: \"67feb8e6-1582d\"\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88109,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1175x697, components 3","md5":"d37e6e9456466c724860f51159766523","sha1":"3f2256aef110836c77455aaa150d88891a64f2e8","sha256":"e632a36a3aab016569be6352114e1f91d56a65bba71db6d0ca217a934e64b093","sha512":"cc3f7b2e6b31a1165ca7032b5e130936e703218a66019cc809ece594a7344aaa2bf85b56d7d2e8a367d6dbb4916873fa7c86088f5767fb64d38b91a8f5f2a9ed","ssdeep":"1536:vtLiQ4KfLc01q5N2MZPNX8bnCNaivtNza2duxlwilfUYo1hdOYvBz21AL+FN:lpoIEfGbIhMKTZh56uy","tlshash":"fb83026648a70612e75ace3146cae5ad40ebbf9c3fc87d8456c77b2d4a309e3380919d","first_seen":"2025-07-14T20:08:56.687277Z","last_seen":"2025-08-26T04:27:44.398556Z","times_seen":21,"resource_available":false,"data":null}},"time_used":1387,"timings":{"blocked":490,"dns":0,"connect":0,"send":0,"wait":598,"receive":299,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"login.nsfwverif.icu/login?redirect_to=/oauth2/authorize?client_id=512333785338216465\u0026redirect_uri=https://captcha.bot/callback\u0026response_type=code\u0026scope=identify%20guilds%20guilds.members.read%20role_connections.write\u0026state==0TPRZWanpWT4BDVaZDbyM2LZdVYuVzQOVzZE1UerpXWpZFRaJTWtpVaapWWyU0Vah3Y65UasRUT5FlMOVTSUlle4YVW2lleNRTQE5kMFpmTy0EVPFzaq5ENBR1T4VkeMpXNyImasJDT0ljMZVXQINGaS12Y25kMjBnUtxUdSJTW2hTaPpnQIRGMo1WS2kUaiZnTXFWa3lWT6lkaNZTS5NWeW1WW0Z1Vil2dplUerRlSFhGVKdEbUp0dZVlS3lEVKpXSUp0dJRlS4tGVKVEaUp0RsRlS3lVVKdXSUpENFpWU5V1QNlXVTJGaOdUZ61ESNlXVTpFc4dVZMJkaNxWQqFFbFV0TslEVSxWQq1EbVRVUsVVRPxWWV9EbBpmUslUaPlWVXJGa10WSzlleNlXQ65ENBR0T6VFVONTRq9UaNhlW5x2RjRjVtl0cJN0T1cGRPVTUE9UNjRUT0cGVPRTQq50dRRVTp9maJtGbFRWdWdVYz5UbJNXSp5kenRUTwkFVNJTW61UNVR1TycGRNVTRU1UavpWSrxWRaNHbXRmbKlXZ","fqdn":"login.nsfwverif.icu","domain":"nsfwverif.icu","tld":"icu"},"ip":{"addr":"172.67.201.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-16T21:37:15.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nsfwverif.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 14:02:22 GMT","end":"Sun, 09 Nov 2025 14:59:27 GMT"},"fingerprint":{"sha1":"9E:22:2B:F3:74:99:62:A5:28:3A:24:C2:20:0E:75:74:AE:01:6C:29","sha256":"75:5D:54:1E:A1:3A:D8:92:A7:53:C8:02:E7:15:33:76:D1:FB:18:61:96:77:4B:7A:82:41:57:C0:FA:A8:B8:7D"}}},"request":{"raw":"GET /login?redirect_to=/oauth2/authorize?client_id=512333785338216465\u0026redirect_uri=https://captcha.bot/callback\u0026response_type=code\u0026scope=identify%20guilds%20guilds.members.read%20role_connections.write\u0026state==0TPRZWanpWT4BDVaZDbyM2LZdVYuVzQOVzZE1UerpXWpZFRaJTWtpVaapWWyU0Vah3Y65UasRUT5FlMOVTSUlle4YVW2lleNRTQE5kMFpmTy0EVPFzaq5ENBR1T4VkeMpXNyImasJDT0ljMZVXQINGaS12Y25kMjBnUtxUdSJTW2hTaPpnQIRGMo1WS2kUaiZnTXFWa3lWT6lkaNZTS5NWeW1WW0Z1Vil2dplUerRlSFhGVKdEbUp0dZVlS3lEVKpXSUp0dJRlS4tGVKVEaUp0RsRlS3lVVKdXSUpENFpWU5V1QNlXVTJGaOdUZ61ESNlXVTpFc4dVZMJkaNxWQqFFbFV0TslEVSxWQq1EbVRVUsVVRPxWWV9EbBpmUslUaPlWVXJGa10WSzlleNlXQ65ENBR0T6VFVONTRq9UaNhlW5x2RjRjVtl0cJN0T1cGRPVTUE9UNjRUT0cGVPRTQq50dRRVTp9maJtGbFRWdWdVYz5UbJNXSp5kenRUTwkFVNJTW61UNVR1TycGRNVTRU1UavpWSrxWRaNHbXRmbKlXZ HTTP/1.1\r\nHost: login.nsfwverif.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 16 Aug 2025 21:37:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://leakher.vip\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\nvary: Accept\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rVMl4PyyZGqJFx5r7dmX%2FDdJVIPgd2NCBmRLVL6zDYJ%2FBO6FtxZ0bNINceHthTFH7gfO7hSpqgld%2Bb1OA52RafZ7pUYDldZsVSmOv8M4b1IKnxw%3D\"}]}\r\ncf-ray: 970412665af195bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":94280,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":346,"timings":{"blocked":100,"dns":65,"connect":8,"send":0,"wait":146,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/favicon.ico","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:17.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leakher.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Jun 2025 16:19:22 GMT","end":"Sat, 20 Sep 2025 17:17:49 GMT"},"fingerprint":{"sha1":"06:5A:F0:14:96:40:AB:3D:F6:70:7D:19:02:35:DB:A9:E3:66:84:FC","sha256":"83:4C:C3:45:D7:B3:62:E7:BF:4F:02:64:6D:65:B8:20:9C:BD:FB:3F:05:94:7B:C6:2A:6E:BB:C5:D1:0E:8C:D9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: leakher.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 16 Aug 2025 21:37:17 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 11 Aug 2025 16:34:18 GMT\r\ncf-cache-status: EXPIRED\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8QGiC8FCrh%2Bq2M9bc24KmeWh82tgsi2dzITYUeeTwJoIWPey8rM1K2YX2HJoosnC8jvrCuUrgyNtMYfIl639vfPdq5GrF0eapuvK\"}]}\r\ncontent-encoding: br\r\ncf-ray: 970412764bbaa61f-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":94280,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (64398)","md5":"5b3f397ce0354a712dc43f8fb07d5b10","sha1":"f03ed4bb6f14ab4335cba78a4973107d25d47a15","sha256":"49c62129693cdc4a05006fd019a2979a769e1fa4b64de1b0ccc1171e6f4166f2","sha512":"9e02446760331b1606853fb4426df13ee54311da4f3d7634e40a818624507d642797c8fcc4d5c815f5eb54cecda03baf67d9063182168de88d908d5573e4585e","ssdeep":"1536:Mbg3pydfWTyZIK71r05fqo7j42g+iDq+mevmyd2V1yNkO8gBPM45Wbaeyc+ii8LV:MbgOfWTyb71r05fqo7j42g+iDq+mevm/","tlshash":"749376bae187ac1cc62f454561f749cbaf4046894f885834f962fa12e1f78dcb1de362","first_seen":"2025-08-15T09:32:36.388425Z","last_seen":"2025-08-26T04:27:44.396263Z","times_seen":8,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":148,"receive":131,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.sell.app/embed/style.css","fqdn":"cdn.sell.app","domain":"sell.app","tld":"app"},"ip":{"addr":"172.66.46.224","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.sell.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 03:52:54 GMT","end":"Thu, 25 Sep 2025 04:52:53 GMT"},"fingerprint":{"sha1":"BF:3D:37:46:69:C5:C7:63:61:DB:33:CE:13:9D:64:75:A8:1B:8F:56","sha256":"24:92:5F:9B:56:FC:09:07:8C:35:BC:AC:25:2D:80:66:F7:7B:B5:17:B4:E0:FB:BB:68:98:26:D1:7D:0B:6D:45"}}},"request":{"raw":"GET /embed/style.css HTTP/1.1\r\nHost: cdn.sell.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 16 Aug 2025 21:37:16 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\netag: W/\"f11e929a4270e106644143143166ea70\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=pA96J97vONkQkWAIAoKE2OgXphs4qr7BlSNlCtsvLDAe%2FNj5nTymBE4iCXbynI01ZVWxssFHjQ8u47qSRhuK5SuD5JorJOLB%2BDKxcPvu9Rzh3p7fvx4nQmSWSNufGpw%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9704126fa9a05690-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=819\u0026min_rtt=583\u0026rtt_var=335\u0026sent=7\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=3188\u0026recv_bytes=1076\u0026delivery_rate=7051948\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=b659ed24bc48ca49\u0026ts=56\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87833,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65528), with no line terminators","md5":"381752db6ae298e5791b04c9e56b4c68","sha1":"b5b600deaf6a85a7c1c9e50ef0da0d912b4a4373","sha256":"9c4d25b4cd3ef7c07bc2c42baa608462f5c2a5e23c4600461f1488dfcae336d4","sha512":"ec0dcba6c5ef865c7b9bb14fccb88877394130e287f92797909e2c65f1b73752c8cc4fd9c9fd5fbc9069c4e2a56633ca10e66ae0d918b224cc52e84214834985","ssdeep":"768:9S5W08vkGYljz/ZqanjNe+EbuPL6tj6ySVMJfe0Ld:9S5W07EYmYy5s0Z","tlshash":"bc832296f3b0993a2c37a59d5d98b57f3b2f655097600fe4a951b3205fc26eb3e83008","first_seen":"2025-07-14T20:08:56.673836Z","last_seen":"2026-01-28T03:05:31.710961Z","times_seen":25,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":0,"dns":74,"connect":1,"send":0,"wait":22,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/xjtgiu.jpeg?auto=format\u0026fit=crop\u0026w=600\u0026q=80","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.470Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /xjtgiu.jpeg?auto=format\u0026fit=crop\u0026w=600\u0026q=80 HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:45:59.439381Z","times_seen":13315505,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grainy-gradients.vercel.app/noise.svg","fqdn":"grainy-gradients.vercel.app","domain":"grainy-gradients.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.131","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:16.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Jun 2025 04:57:32 GMT","end":"Mon, 22 Sep 2025 04:57:31 GMT"},"fingerprint":{"sha1":"81:D3:FA:22:93:E5:25:70:85:9A:59:F7:5D:92:C4:FE:CF:35:0D:C7","sha256":"CF:7D:EA:B1:F6:D3:8D:F4:F7:DA:1F:83:F1:44:C8:1D:E2:58:46:A5:3A:AD:9E:5F:79:E0:C3:92:23:CE:2D:B7"}}},"request":{"raw":"GET /noise.svg HTTP/1.1\r\nHost: grainy-gradients.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 455620\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"noise.svg\"\r\ncontent-type: image/svg+xml\r\ndate: Sat, 16 Aug 2025 21:37:16 GMT\r\netag: \"2c0cfacf42318fd4dac94357fef89cb5\"\r\nlast-modified: Mon, 11 Aug 2025 03:51:41 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-matched-path: /noise.svg\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::tz545-1755380236558-c11694aabbf2\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 324\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":324,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2c0cfacf42318fd4dac94357fef89cb5","sha1":"8968d5b4c8d7fc5067dd77f08e385c3951742c65","sha256":"4aa40b2afbaef74a269c197e8c0d0055f6bc9320dd460fde81fa3297ac43aae2","sha512":"f7eb65a0a4e55464871c32a572c11ab8fed2d92119876df3588744685c2e074f78951626d6e282a126ee86ba4a4165a5d67e97f5511ea0d96f5b7e3082c9eeb5","ssdeep":"","tlshash":"60e0727880fa8c0c8000830df6e88b903e92d0c383880046f0ac29f26b16803bde22fe","first_seen":"2023-05-10T06:00:44Z","last_seen":"2026-03-29T19:44:19.919699Z","times_seen":624,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":5,"connect":1,"send":0,"wait":21,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leakher.vip/assets/index-B8v9U7bu.css","fqdn":"leakher.vip","domain":"leakher.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://leakher.vip/","date":"2025-08-16T21:37:15.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leakher.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Jun 2025 16:19:22 GMT","end":"Sat, 20 Sep 2025 17:17:49 GMT"},"fingerprint":{"sha1":"06:5A:F0:14:96:40:AB:3D:F6:70:7D:19:02:35:DB:A9:E3:66:84:FC","sha256":"83:4C:C3:45:D7:B3:62:E7:BF:4F:02:64:6D:65:B8:20:9C:BD:FB:3F:05:94:7B:C6:2A:6E:BB:C5:D1:0E:8C:D9"}}},"request":{"raw":"GET /assets/index-B8v9U7bu.css HTTP/1.1\r\nHost: leakher.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leakher.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 16 Aug 2025 21:37:16 GMT\r\ncontent-type: text/css; charset=utf-8\r\nserver: cloudflare\r\ncache-control: public, max-age=14400\r\nlast-modified: Wed, 18 Jun 2025 19:01:43 GMT\r\netag: W/\"ceb9-197846b21d8\"\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FZdE8Wj7QrulRc8tVMMSMZwiw%2FEr50wP9%2B0qvsEAsbNSjiIJ16Wq9bbfMGaRrKgUdg%2B4ZXLmNoZ8gMUjmBQil30IEEoQOPFXsB4x\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9704126aa937a61f-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52921,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52920)","md5":"45b3eddbd7e0c9d260b66f782da1775d","sha1":"cc090114f18c8b748986826f6ba9bd58ca015824","sha256":"9d3bd11c5bce65853f5bc59247f241f063ae5209e7cce1338e9c790d796556f1","sha512":"563ddc1c942e96e21badd40ec6a51929b98dd3d5c7c1f671270e22b036f5e1bd8b236262438d747a3300fa49d7c0aa74df55177f5dfbd66eb0bbadab71b0d9f7","ssdeep":"384:kwjRqmMz1S+u1X+61X+Y26+AcI1BA3TD/K/y/HZNUrtKYNLLfSuADVAfbHf:BRqmm6o3ZNUrtB6uADEf","tlshash":"4b33636d9aa0603bbc17b1e4d799756cfa2ef0d5de3a56a9ac82010067f33f60d5b900","first_seen":"2025-07-14T20:08:56.690242Z","last_seen":"2025-08-26T04:27:44.400661Z","times_seen":21,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":127,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}