{"report_id":"97603e02-b865-4aa0-aa3e-321c1c7dac2c","version":6,"status":"done","tags":[],"date":"2025-08-25T23:37:37Z","url":{"schema":"http","addr":"unleashtheleader.blog/join/56451","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"172.67.204.36","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"title":"Continue to nadiaakingg onlyfans"},"submit":{"url":{"schema":"http","addr":"unleashtheleader.blog/join/56451","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"172.67.204.36","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-29T23:37:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"pl26987060.profitableratecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"pl26987060.profitableratecpm.com","ip":{"addr":"192.243.59.20","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-04-07","domain_rank":5309298,"first_seen":"2025-06-24T20:46:06.546514Z","last_seen":"2025-08-20T09:07:44.611425Z","alert_count":1,"request_count":1,"received_data":106712,"sent_data":389,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.highperformanceformat.com","ip":{"addr":"192.243.59.20","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-10-15","domain_rank":366864,"first_seen":"2024-10-23T18:32:34.138968Z","last_seen":"2025-08-22T04:44:47.256243Z","alert_count":2,"request_count":2,"received_data":69784,"sent_data":768,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-08-22T14:31:34.988902Z","alert_count":0,"request_count":3,"received_data":1287,"sent_data":1389,"comment":"","tags":null,"fingerprints":null},{"fqdn":"flushpersist.com","ip":{"addr":"192.243.59.13","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-08-19T21:48:17.550909Z","alert_count":0,"request_count":1,"received_data":496,"sent_data":692,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-08-19T21:48:17.555582Z","alert_count":1,"request_count":1,"received_data":85963,"sent_data":337,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"wayfarerorthodox.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-08-08T11:06:50.216151Z","last_seen":"2025-08-22T11:15:14.191355Z","alert_count":5,"request_count":5,"received_data":20755,"sent_data":6235,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"torchfriendlypay.com","ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-09-01","domain_rank":191479,"first_seen":"2025-07-30T13:31:49.539518Z","last_seen":"2025-08-20T16:09:43.322745Z","alert_count":3,"request_count":3,"received_data":14222,"sent_data":5437,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-08-22T06:18:22.747826Z","alert_count":0,"request_count":2,"received_data":100527,"sent_data":924,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"unleashtheleader.blog","ip":{"addr":"104.21.44.224","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-22","domain_rank":0,"first_seen":"2025-08-25T09:41:01.353614Z","last_seen":"2025-08-25T09:41:01.353614Z","alert_count":0,"request_count":4,"received_data":74532,"sent_data":1980,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-08-20T04:32:20.993418Z","alert_count":1,"request_count":1,"received_data":377,"sent_data":342,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"pl26987060.profitableratecpm.com/1c/87/18/1c8718497824d06b244a8ea041da5db8.js","fqdn":"pl26987060.profitableratecpm.com","domain":"profitableratecpm.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"436f610f6519b8e9e70372d000a05494","sha1":"c667123a5a97df324928087029550b80ef03d4a6","sha256":"9a83adc0af799826c542a0e02ca577129494859629176b97f4a1d134191a8768","sha512":"8c2877a57355c28c298f1fed2bf2fd1ad37d261ac4f80e90fc79cb0eccbf24bdb05d28cc9a28ed0ebcea4b7db0f44fe525101a5512f2a884a9487ca6a76ab9e1","ssdeep":"1536:dyINpJazVMiUsbaeBvat/xp1P2PNrdMCC2cevmiwB/BDMCIuv5Y:j6VMiUs7ahxp521rcuZwH2uC","tlshash":"9da3a8487f90fcbe02566033663f951bf1aa0e415958c988d11afdb42a3c31bfa3da75","size":105888,"data":"","first_seen":"2025-08-24T17:59:16.132525Z","last_seen":"2025-08-26T09:45:03.662004Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wayfarerorthodox.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":80,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a524ecfbd97124fd2e9c3f6ad371ca23","sha1":"a281b89a51cfe367f92816be50eba55ccc0eaee6","sha256":"5549a01f3d1c788c8e44dc8a54e5c9103880b5608d3b44e0a0ea4ebd124dc18f","sha512":"dbfa06ea3faf0b6451668b8634e61e52c71ac098f26b08551cac54344128a205b2378e56953102dda758aa63fab8ed1e22c3a74eda39a154caff8f2b6b3bdee5","ssdeep":"96:WhmlSzNzYF4RWz3qVeBYJ2gzAKAYaR/tCP/KZhWAEGo:SmAz+60BSF81RM3KZoGo","tlshash":"b1a1618e3f81b4ac069270372f3f6e0ef13a5c55195ad4d8d202a0a47f28a39d4b6b55","size":5080,"data":"","first_seen":"2025-08-06T23:31:31.906679Z","last_seen":"2025-09-26T10:32:45.122277Z","times_seen":4581,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"e25f0174ff7886b7ccf8c63fdf572a29","sha1":"0a10eb743f36c018f21cbaf8f40648eb32487a8c","sha256":"2903f8ae6e01fb636c2854aa1089bfd0eaf13ea378abe6593b947d835a1ce01b","sha512":"d929e400c837247e2af0acdf723b1b8edbf4b5a706c36aa6ce567c2b0c405b99394e9160ac78f898e24f96b7bc4e809eedda33b6fa2591aa1de50551f21ca768","ssdeep":"","tlshash":"fb411723d60a3371ccb7f83a06c87b48390629892b20abc63c0d57680b709f91624edc","size":2030,"data":"","first_seen":"2025-08-25T23:37:38.935296Z","last_seen":"2025-08-25T23:37:38.935296Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e834115a641bc0903277421e661c65e","sha1":"00bb22f61cfd88f625cb8e2b5aad4f6b74e880d7","sha256":"d70c65bd173f1dbe26256e81b35596724e49e6a468473c46225ff5c3dfe7b151","sha512":"80bb3a30f7f189e55988e44ae1a0bc120cfff78adea4cf24ba9d6c73c09b41295b1fb0b06b916b8cc031b6c032fbe21cc13b1bde8f4b5b542dfa9ddd426d5da7","ssdeep":"96:5ozyH43GjQgmLghQ2hZAizrU9LBVgwavKTSIizAk1/D8CfMEDaH:2zDVLgNZ9zrUX+wObIikcb8CkCaH","tlshash":"28a14cb62dc1c279ac6670bf667796887d51402f1942fc46fe4c562b9f00ba90f28df8","size":4775,"data":"","first_seen":"2025-08-25T23:37:38.940525Z","last_seen":"2025-08-25T23:37:38.940525Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"e73bac4ca1c26d0013cc779da4e04e53","sha1":"0653ba6d53234c6bc9d5478b718a1743f573e0e7","sha256":"02707cd761afe4bd28c153fee66153f70580e2d3e0cd09ec458323e8405f37db","sha512":"e20ee3411044b7f4e4d472a7a8036fe498f4f06b156604fea43447e1154e4136cc24091b5b8a639f70cd82dcd5144d919208aa1e7315fc0b64301d74e3bb7e87","ssdeep":"","tlshash":"00310cd50445834fee45d1afd96732e67e8109151b9be0a44f6c152ce30355d5f00cb5","size":1552,"data":"","first_seen":"2025-08-25T23:37:38.944487Z","last_seen":"2025-08-25T23:37:38.944487Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"104.21.44.224","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f1da4fe6d5f59db8898aeef4e66ac941","sha1":"7e9dccf1cc82c6ebc94ae77934b12a7e30038482","sha256":"ff1f17b53233a54ba5668d28da7910b3158281bac50e20354cef485c74b0f44d","sha512":"7d2d20a144b45a1b2b43391d9b886a0de89f44f49aa6c419c15567d247660092732bd2011049ce9e196aec67b3601962ebbf864aed25b6e90ff6505718e37066","ssdeep":"","tlshash":"79c08ca49900b20401228c200c2cd180a3008e11265ca46730c224390290559488aeac","size":139,"data":"","first_seen":"2025-06-14T21:55:46.651383Z","last_seen":"2025-11-11T04:35:01.519491Z","times_seen":625,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"3dcfa09e80b1151e9e8046fba8a8dbc0","sha1":"3487881c59d84fd646c46a96418435170ef8207b","sha256":"b791ade7352dd2b212ea1696187030eaaf1d6bdc4ae21631f590b54141d617dc","sha512":"300f7bf07fdfaf0ac6d01566845584ef8610fcf964b04a3a7a1ec4486175ab622c660ec2e39350adf1c5a621e75826c2ecaaf83aa7a3798c41b09bcad5b4309c","ssdeep":"96:ZozoPh6KKuE0exvrO1H3F9i6KKuE0exvrO1Bb1/DYCfMEDaH:Wze6v0exr21w6v0exrebYCkCaH","tlshash":"04a10922de96a374dca7b43d06daba483902150a6b21ef477c8de2195f707f40e54eec","size":4770,"data":"","first_seen":"2025-08-25T23:37:38.961696Z","last_seen":"2025-08-25T23:37:38.961696Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"b36dbd38201a57c28ceb14e28ae7274f","sha1":"d949e8d6558c4dc62c1e2b18af85ac6ee09d5050","sha256":"39aed0864a8a807466b715f514129342e496d859384118e0088d7495779a4471","sha512":"52f12bbf6e90916afbc3cbc211dc7cfc5b2517464fd69134ac7f7aa8545c22ec1885e2c46666b6d39461c23f3606673cf3410432426f63d3fcd0964358efe4c4","ssdeep":"","tlshash":"73312a13cb8a97bcdcb7d43909c9788d66422c4dfb724b820839521896701b25a00bf8","size":1552,"data":"","first_seen":"2025-08-25T23:37:38.964528Z","last_seen":"2025-08-25T23:37:38.964528Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"104.21.44.224","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fdf1521267f5b2142ed81175ba63949c","sha1":"6a8862e8707f61090e377f82e3b81983f2ec505c","sha256":"271f959a894e685f7f940720ea64c1642d0029752c462ed6b250ee71b48c3a9b","sha512":"27b9b14b0233f9e29c1d1a338507739a0f893c1f64d71bd21c2d340ea3c4979fc018ab5f2f70f8a0b2371cbb29cc7cfce2866a95ebc28b699b7370996336f148","ssdeep":"","tlshash":"cdc02bea8000f24980a2cc145cbcd300a310cd203459082776d01c23024074648953ac","size":140,"data":"","first_seen":"2025-06-14T21:55:46.652505Z","last_seen":"2025-11-11T04:35:01.52015Z","times_seen":621,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6b6412ad2eb064f596abce6e764a8304","sha1":"f2134cddc36dc1637bc106025e4c594bfdf7af32","sha256":"4e52af311ea4adbbdbd541a7d58bac96fd02e7301d26a08643d3a086a655977c","sha512":"8ee410190eb2c1be6e287946c7b79f9f421ed571a6455290d9efedc777a9ae20c562bc214b3aaf387d6ecebb55fae9e5f414ca6695f3a50db3583d1f61ff67b8","ssdeep":"","tlshash":"f7c08c5a2b002412f960380eeb0a2780bcd0472e30620d80e6884803609032b0841080","size":145,"data":"","first_seen":"2025-06-14T21:55:46.663503Z","last_seen":"2025-11-11T04:35:01.515623Z","times_seen":612,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"d33332775b768dd22e0042543f85f135","sha1":"b11f4cfaef79764fc83ced0b29f5239c723eaa69","sha256":"3513a681d54f725107ad6f37da6d6208d409c6042f45e97842c617f8e6b99aaf","sha512":"ad73c57bf4c33e9e834fdc80762c041bf3742cfe75b0612285c505df63b8102e20ab54de2740775d69521a41b063a8c5eb64662096789ddbddf2f8c76ab5b04b","ssdeep":"","tlshash":"b6c08c642f0230127a223c8e1b0033c0acc04353a23dba2230c3401074d50ba0080888","size":145,"data":"","first_seen":"2025-06-14T21:55:46.665905Z","last_seen":"2025-11-11T04:35:01.518723Z","times_seen":612,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"99c90e1441dc5a329fc83626729fcc85","sha1":"60fcaff3da00d096f63c4b24031fd3dc3ee07dc7","sha256":"410b27123c971cb563e14a2897072b1bac759f4552a66c94dce8d466051df545","sha512":"ce209d158417f7652204d9c3f86ebefe3a007eef79718d8c22968d26a0fc245f265363a89a658be97531d4e19bc33a4af0a00993c2d9abc17b5f3941d9dc6f07","ssdeep":"","tlshash":"eb412973321635a058feb8b7144b46847d25907e0d53b847ba0c12bb2700bbb232ee56","size":2034,"data":"","first_seen":"2025-08-25T23:37:38.970492Z","last_seen":"2025-08-25T23:37:38.970492Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"104.21.44.224","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8046d2319fd6acdefe899813a2f624da","sha1":"7f9bef3a61843dd36968d787df72210d21029fde","sha256":"64ad42173c1a0396d9482130249e14ba8f4fccdaa184a3cb6ec1ea68563d1e3f","sha512":"2d5bb564201d3983602f08660504150866d6a80108949215b8acb7acc1176f54c6b2e8dafc51682d861c5b93b9ac5b6123e79676754e52ccee25464018bedb17","ssdeep":"","tlshash":"4df0279a267744641ea3b0b757df23883073500f7489dd0d3e5c46909fe5e2aa0bbbd8","size":540,"data":"","first_seen":"2025-08-25T23:37:38.972795Z","last_seen":"2025-08-25T23:51:13.596376Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"104.21.44.224","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4b00956b84e1a03c66c26e6bf1265a0b","sha1":"e20c95ca925cd07f393ba066085ac2e654d90d65","sha256":"9662a5fa0850c6ac647c9ac7fcb978e06d09c0a04f2127342394360a84f565ab","sha512":"b6d92054abebfe23976f3a8a8e985fe210310560f82c8f036dc27bee2ab75228260e8aaa0cf57f6a39349d8b12b4eafce7b86d5fada1950b2261ddf6f0d7260e","ssdeep":"","tlshash":"35e0ab2998e706388cf63a841038ca3934f838a0aaa3d057525cc82ccd39fc50c00aec","size":424,"data":"","first_seen":"2025-08-17T21:28:29.62896Z","last_seen":"2025-09-02T21:55:30.398427Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.highperformanceformat.com/2027a50cb46e987ec92bde847883c82e/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"00588fd35867ac5bee1b2f8eec02d0a2","sha1":"31ad1d67ad16252133ba10555dd28013965a5110","sha256":"975b6d4f81c54a8b79a214843df9916d9f6bb0a9122aaf08dd1d34f0a2269cb5","sha512":"04797586890854b6650977d754f28c5f57b37e51881dd9641d5f64ce224c27e1cf7d526e587f7116f3a9cab2507aa6e6ebe7311d9765caa435d7c9e4cc33db81","ssdeep":"768:WBcqYtc5vIm+3UJFUhwlnYRpKgE43kRRwlEK8cQa2B9FQ:WWiIJEJyhwln6Kk3kRylEK8cUE","tlshash":"f8e2e78c3f60b05813da303f733f960de9960c0aa894c549c06bb5ecb97c767e5769a8","size":34071,"data":"","first_seen":"2025-08-24T20:59:22.702575Z","last_seen":"2025-09-02T17:49:16.598397Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.highperformanceformat.com/25a1f370ca5f8f418d35d7aea487fa2b/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9ff3ff348e9f384161aa41b71d10b4e","sha1":"2fe04394be06c274950289dc30ca8d69e512ea6a","sha256":"e2ead35b8fdfcc4cdf148ac5eeb98a756db67c8b45183a6e18c45c369363efb3","sha512":"83b04f38a322c4d9d562962949a50442ccc545fbef9b3913ce03b5c06ad17ba584227111ce94a699e5a77f7366d551dccc1fd00a037290b67a2e01ed28ff383b","ssdeep":"768:WBcqYtc5vIm+3UJeUhwlnYROKgE43kRRwlEK8cQa2B9mh:WWiIJEJthwlnlKk3kRylEK8cUw","tlshash":"4be2f88c3f60b05813da307f732f970de9960c0aa894c549c06bb5ecb97c767e5769a8","size":34071,"data":"","first_seen":"2025-08-24T09:18:24.356251Z","last_seen":"2025-09-01T17:37:34.451902Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"wayfarerorthodox.com/impr.gif?sid=H4sIAAAAAAAC_1RTz4scRRSu3iQK5iBGzcHTHDwoZGeruqp_mYO4xkhwTUISyUFB6lfvltvT1anqnp4sHoIByXG95dj7ZpNFjUHBqyCz3gKC42mF7MW_QAM5S28WNj7o997XXxV8r-qrr7eafUSh4XuXP7Ybpij4UjTEg7eum1LZ1g8uXhsQPMRnB9dNGbOzg0mf3PgdQtkQvz34UMt1uxRigjHBZHDeOJ3bydIBC6Z6kJFhhocsHJKIwcT9H_smAM8DUON9dAqMmr_8d_4pGDmDcvTjOe3Xa1ud-WDUFLy2DsZq55NyvbRtCaOjNncB5OXO4Wqwfo7Q3QWw5c7hBGDH2_0EIMwcLZx-DKLcOZQJYnzvmVJRgC5BqJPQjmegi10wfAbS3gaj_kAAUsHFS1CO7l-0ruU3n7G8Z-fo-NMnYNo5Ov74NShHD5cLMxlctUVTG1t6mOQdmMkMzOoMqmYX6o0FMO0uyPorMOp3tPR0BcrR9iVfWDBq7804Ukkms2QxTxO2yISIFzOdkcUkpZJoQghJ2cERmXwG3AfQ9J8JoMkDaKoARmpvwHDKJOE0zjMlE8w4Y0oLnKUhxjyTCTSy174JdbUJstgE6W5B5W7BuvlmjoKTp8A1v4Jf2_uZcJJzraI0Z2moSMqkUEKGWZRlccqYjiOZUR5hKYUgqWIkZFglguss0TlOsGAkiyRPI6bDVMQ0DfOUJZHOk5iKiIgwjBOpdBxHSmMSYh5xrUUchSENI8mY5IJHNKEpSTIqqaBhqPJQYqw4FlQqnGAmc0XjKIw55QmWkQSvAvA1grHqoNUIWo-g5Qhag6CtEbTj7p4qfOi7-6rwjSCHNTystJvaenWL37P1qi4RcLcJTnXbprrhb4Osj003cq-mtk9c1N2UC9VtVfvold4Qwd2_Pod1vTcII05ymmDJozzNGUkVjVTCNWdpkvNQgDcdGL9wcI0bZo5W7t-AyszRiRf_AcF3wRe7IM3rwJsTwNspxRj42jSMMGyUD4u1NTvSSkvrhpKDsh1U9XGobwZbxT5648Can_17GrR8hA4DpOugch18YX5DsFrcmV6xLdq-YluPfrpU1WZkNnhv26s1r_UL332kb7bWqQvn_Oa378me6NsH17SvV3ipTLnq0ffLRintzlsnNfrlgr-uxeXGry03rmyqlcvvn78wqpz23thyBtzM0Uv7Z0CaOXr1y-WDJ8nuTsC4Gbimg1HznNbqFvjqCHuLwBVHWFQI2qabulAc_SwMgkIfYS468M9hcdRPHe93c9Nt-Tuw6gLg9W0oRx2MXQfjogNebIJvjk3ryj169096ECCKYCoKh7ZF4Xre7A1yqntHpklMaJprQpmSeZSyTMUcU6qh9vO1B09--C8AAP__DPTvlWsFAAA=","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:17.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTz4scRRSu3iQK5iBGzcHTHDwoZGeruqp_mYO4xkhwTUISyUFB6lfvltvT1anqnp4sHoIByXG95dj7ZpNFjUHBqyCz3gKC42mF7MW_QAM5S28WNj7o997XXxV8r-qrr7eafUSh4XuXP7Ybpij4UjTEg7eum1LZ1g8uXhsQPMRnB9dNGbOzg0mf3PgdQtkQvz34UMt1uxRigjHBZHDeOJ3bydIBC6Z6kJFhhocsHJKIwcT9H_smAM8DUON9dAqMmr_8d_4pGDmDcvTjOe3Xa1ud-WDUFLy2DsZq55NyvbRtCaOjNncB5OXO4Wqwfo7Q3QWw5c7hBGDH2_0EIMwcLZx-DKLcOZQJYnzvmVJRgC5BqJPQjmegi10wfAbS3gaj_kAAUsHFS1CO7l-0ruU3n7G8Z-fo-NMnYNo5Ov74NShHD5cLMxlctUVTG1t6mOQdmMkMzOoMqmYX6o0FMO0uyPorMOp3tPR0BcrR9iVfWDBq7804Ukkms2QxTxO2yISIFzOdkcUkpZJoQghJ2cERmXwG3AfQ9J8JoMkDaKoARmpvwHDKJOE0zjMlE8w4Y0oLnKUhxjyTCTSy174JdbUJstgE6W5B5W7BuvlmjoKTp8A1v4Jf2_uZcJJzraI0Z2moSMqkUEKGWZRlccqYjiOZUR5hKYUgqWIkZFglguss0TlOsGAkiyRPI6bDVMQ0DfOUJZHOk5iKiIgwjBOpdBxHSmMSYh5xrUUchSENI8mY5IJHNKEpSTIqqaBhqPJQYqw4FlQqnGAmc0XjKIw55QmWkQSvAvA1grHqoNUIWo-g5Qhag6CtEbTj7p4qfOi7-6rwjSCHNTystJvaenWL37P1qi4RcLcJTnXbprrhb4Osj003cq-mtk9c1N2UC9VtVfvold4Qwd2_Pod1vTcII05ymmDJozzNGUkVjVTCNWdpkvNQgDcdGL9wcI0bZo5W7t-AyszRiRf_AcF3wRe7IM3rwJsTwNspxRj42jSMMGyUD4u1NTvSSkvrhpKDsh1U9XGobwZbxT5648Can_17GrR8hA4DpOugch18YX5DsFrcmV6xLdq-YluPfrpU1WZkNnhv26s1r_UL332kb7bWqQvn_Oa378me6NsH17SvV3ipTLnq0ffLRintzlsnNfrlgr-uxeXGry03rmyqlcvvn78wqpz23thyBtzM0Uv7Z0CaOXr1y-WDJ8nuTsC4Gbimg1HznNbqFvjqCHuLwBVHWFQI2qabulAc_SwMgkIfYS468M9hcdRPHe93c9Nt-Tuw6gLg9W0oRx2MXQfjogNebIJvjk3ryj169096ECCKYCoKh7ZF4Xre7A1yqntHpklMaJprQpmSeZSyTMUcU6qh9vO1B09--C8AAP__DPTvlWsFAAA= HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjc5NDU5MSwiayI6IjI1YTFmMzcwY2E1ZjhmNDE4ZDM1ZDdhZWE0ODdmYTJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MDIzMzQ1LCJwaWQiOjMyOTcxMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJmbXptNWo2ZDJkIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vdW5sZWFzaHRoZWxlYWRlci5ibG9nL2dvLz9pZD1uYWRpYWFraW5nZyUyMG9ubHlmYW5zIiwiYXIiOltdfX0.nd2HA1FteXAPTjxUw_4CP2FiUuRugXnVaG9MeW6Defo; uid_id2=65d79c97-f874-4bb6-9e91-783c1e111184:1:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl26794591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:17 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 232414f641ca10dc66652c4c0c570375\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pl26987060.profitableratecpm.com/1c/87/18/1c8718497824d06b244a8ea041da5db8.js","fqdn":"pl26987060.profitableratecpm.com","domain":"profitableratecpm.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.134Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /1c/87/18/1c8718497824d06b244a8ea041da5db8.js HTTP/1.1\r\nHost: pl26987060.profitableratecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Mon, 25 Aug 2025 23:37:16 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38478\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: pl26987060.profitableratecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 397b326db3c69e6b03e9e9c56abd58ae\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105888,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"436f610f6519b8e9e70372d000a05494","sha1":"c667123a5a97df324928087029550b80ef03d4a6","sha256":"9a83adc0af799826c542a0e02ca577129494859629176b97f4a1d134191a8768","sha512":"8c2877a57355c28c298f1fed2bf2fd1ad37d261ac4f80e90fc79cb0eccbf24bdb05d28cc9a28ed0ebcea4b7db0f44fe525101a5512f2a884a9487ca6a76ab9e1","ssdeep":"1536:dyINpJazVMiUsbaeBvat/xp1P2PNrdMCC2cevmiwB/BDMCIuv5Y:j6VMiUs7ahxp521rcuZwH2uC","tlshash":"9da3a8487f90fcbe02566033663f951bf1aa0e415958c988d11afdb42a3c31bfa3da75","first_seen":"2025-08-24T17:59:16.132525Z","last_seen":"2025-08-26T09:45:03.662004Z","times_seen":22,"resource_available":true,"data":null}},"time_used":420,"timings":{"blocked":114,"dns":25,"connect":91,"send":0,"wait":98,"receive":92,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"pl26987060.profitableratecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.highperformanceformat.com/2027a50cb46e987ec92bde847883c82e/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.136Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /2027a50cb46e987ec92bde847883c82e/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Mon, 25 Aug 2025 23:37:16 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 14983\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5f334cbf6b290eb4977dd7a46e6badea\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34071,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (34071), with no line terminators","md5":"00588fd35867ac5bee1b2f8eec02d0a2","sha1":"31ad1d67ad16252133ba10555dd28013965a5110","sha256":"975b6d4f81c54a8b79a214843df9916d9f6bb0a9122aaf08dd1d34f0a2269cb5","sha512":"04797586890854b6650977d754f28c5f57b37e51881dd9641d5f64ce224c27e1cf7d526e587f7116f3a9cab2507aa6e6ebe7311d9765caa435d7c9e4cc33db81","ssdeep":"768:WBcqYtc5vIm+3UJFUhwlnYRpKgE43kRRwlEK8cQa2B9FQ:WWiIJEJyhwln6Kk3kRylEK8cUE","tlshash":"f8e2e78c3f60b05813da303f733f960de9960c0aa894c549c06bb5ecb97c767e5769a8","first_seen":"2025-08-24T20:59:22.702575Z","last_seen":"2025-09-02T17:49:16.598397Z","times_seen":32,"resource_available":true,"data":null}},"time_used":375,"timings":{"blocked":91,"dns":1,"connect":93,"send":0,"wait":95,"receive":95,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://unleashtheleader.blog\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 25 Aug 2025 23:37:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: http://unleashtheleader.blog\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=74b59c55-be92-44cc-aba8-1f961be6320e:2:1; expires=Thu, 23 Aug 2035 23:37:16 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"dd0595108bad4736e73a54e1a5de2e94","sha1":"9ab2cd53d55259c7658922f55419f6b9412157ec","sha256":"3ab31f1da1e92b739f4960143b73388150367f7d9f58c14f0cb0bf8a092939f1","sha512":"db721abe3f26a72528fb50ad91df27dd2fbd7cc10e1a305798ebd1a2c1a6871ad0b7e94e037963cc074c8913929f95cda2141536895e372f4b00052dc762227c","ssdeep":"","tlshash":"26900443c134f440d0117c4457151454fdc140d50c143070cf304c04757375510c4174","first_seen":"2025-08-25T23:37:38.902715Z","last_seen":"2025-08-25T23:37:38.902715Z","times_seen":1,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":77,"dns":11,"connect":21,"send":0,"wait":21,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/watch.723420244195.js?key=2027a50cb46e987ec92bde847883c82e\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026tz=0\u0026dev=e\u0026res=14.3093\u0026rb=\u0026uuid=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1%3A1%3A1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /watch.723420244195.js?key=2027a50cb46e987ec92bde847883c82e\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026tz=0\u0026dev=e\u0026res=14.3093\u0026rb=\u0026uuid=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1%3A1%3A1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://unleashtheleader.blog\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:17 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: http://unleashtheleader.blog\r\nAccess-Control-Allow-Credentials: true\r\nLocation: https://torchfriendlypay.com/watch.723420244195.js?dev=e\u0026key=2027a50cb46e987ec92bde847883c82e\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026pst=1756165097\u0026rb=\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026res=14.3093\u0026rmtc=t\u0026shu=f44ce90a50d40625848c9ee3984e095ec42c425a70edd20ce95ae78fcdc84e3a2b7087a30bfceebc033601192a93d9fd10dab2c1646bd5718dcb33c892c5bd21d9be6103db42c0dabefced95d06910e4f99f753bbe8ee15e128d\u0026tz=0\u0026uuid=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1%3A1%3A1\r\nSet-Cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjc5NDYwNCwiayI6IjIwMjdhNTBjYjQ2ZTk4N2VjOTJiZGU4NDc4ODNjODJlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MDIzMzQ1LCJwaWQiOjMyOTcxMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNywicHQiOjQsInBrIjoicjlzNzVhaHk2OSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3VubGVhc2h0aGVsZWFkZXIuYmxvZy9nby8_aWQ9bmFkaWFha2luZ2clMjBvbmx5ZmFucyIsImFyIjpbXX19.bHIgTnUfshw4AwuqPLXz4ypkWho0M54Cn-xEt96y5Gw; expires=Mon, 25 Aug 2025 23:38:17 GMT; path=/; secure; SameSite=None\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d835ca8db1e1a0b8aac65b9531c4af64\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4802,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":649,"timings":{"blocked":271,"dns":3,"connect":92,"send":0,"wait":93,"receive":1,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/ce/9e/e2/ce9ee248f8bf08df189aad586627b9aa/1753952160.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:17.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /cti/ce/9e/e2/ce9ee248f8bf08df189aad586627b9aa/1753952160.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 25 Aug 2025 23:37:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 65938\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 31 Jul 2025 08:56:00 GMT\r\netag: \"688b2fa0-10192\"\r\nexpires: Wed, 27 Aug 2025 23:37:17 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65938,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:07:29 13:55:14], progressive, precision 8, 300x250, components 3","md5":"758395973502ce555bbbbbbdbe91ca9e","sha1":"cac06c68c1a78e9f0c7670ed371cf29a667303df","sha256":"a994441bd9dccc510ea390261d9d8b345ae6e0588582fae3d18443cfb32a7d11","sha512":"ae0f7c250a76e2c0f631d6ca94051a5baab71a1b21c9162109b199b8098c039c12fe1bd888059c186f73946fe79dc7f5a35ff03ede974f1770b767581296ab2d","ssdeep":"1536:UmS7BX8hYmS7BX8hdUlj9IJpwHPvNRrYoWIiT:UmsTmsTljvYoWIg","tlshash":"0053e1290b91cea0f0d64e7954f2dfb92751ef314783362474ecea047bb1292c9dab16","first_seen":"2025-07-31T19:45:45.514561Z","last_seen":"2025-09-02T18:05:05.882763Z","times_seen":346,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":45,"dns":1,"connect":19,"send":0,"wait":46,"receive":19,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"104.21.44.224","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-25T23:37:15.518Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /go/?id=nadiaakingg%20onlyfans HTTP/1.1\r\nHost: unleashtheleader.blog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 25 Aug 2025 23:37:15 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F1rGp7w%2BVV0IPc15JmHxbvzobMEDv8dVqbaIxIS3bVf60j3W2fDhv9coN3jirkH5r7hrKc0RuBrFkgUDVbOvl1BkHK3dF9jjF%2FQ2Z7Y%2FpO4oPzw%3D\"}]}\r\nCf-Cache-Status: DYNAMIC\r\nContent-Encoding: gzip\r\nCF-RAY: 974eea9008ee5691-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4616,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"3c779c1d59bb1e166a1a454ac768f228","sha1":"56282e4f22ac8147085100b9875c5c6a43036818","sha256":"def8e6c1cb915ca0b08ed92988bceeef202337773bf64ca5c087d9f18bf197bf","sha512":"c4d262de53c4bbe1652127b7cec9c6ba0a6b2f62565af6f2cd9b9876a3b5adead06b89553029a6b7ffaeca50e6ceb16ae67656fe4c9b5c948f8d467ba8a9d8b9","ssdeep":"96:XDz+Wm/Fg8TFTX8C/AMTKL5UlL3U0wM5dNljjag4mhnq780:XDaWm/Fg8TFT12L5UlL3U0wsNhjag4eY","tlshash":"3b91759a9da380456c6394555bf7e34532a4e403d24acd5a3fdc9598cfc6bcc8cab38c","first_seen":"2025-08-25T23:37:38.908232Z","last_seen":"2025-08-25T23:51:13.580735Z","times_seen":3,"resource_available":false,"data":null}},"time_used":429,"timings":{"blocked":1,"dns":1,"connect":1,"send":0,"wait":426,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://unleashtheleader.blog\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 25 Aug 2025 23:37:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: http://unleashtheleader.blog\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1:1:1; expires=Thu, 23 Aug 2035 23:37:16 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"7322d7c28da3bf22200c25b0948a60b5","sha1":"78187d1972d2efa6c4188ba8442cf18804c5ad03","sha256":"773fc4d489d3877e90b41594afe9323a88166786cdf7963f6e2c9e573398bf14","sha512":"4441716d712f2685922e75cbe3bfa576b6499f5c1a03e81e34e087f2c7b8d5c8c1f87d7d6c5d1d796c953e502467c23be6579698884d7557603e99c0a117f0ca","ssdeep":"","tlshash":"48900454c041741014cc75375404cd13c01c04051504c51c0440f41500440401f7cd7d","first_seen":"2025-08-25T23:37:38.911226Z","last_seen":"2025-08-25T23:37:38.911226Z","times_seen":1,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":76,"dns":3,"connect":20,"send":0,"wait":21,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.531Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:16 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 00bb0ae0c1e2782e26916ca87f21078b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":20,"dns":1,"connect":20,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.847103586533.js?key=25a1f370ca5f8f418d35d7aea487fa2b\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026tz=0\u0026dev=e\u0026res=14.3093\u0026rb=\u0026uuid=65d79c97-f874-4bb6-9e91-783c1e111184%3A1%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /watch.847103586533.js?key=25a1f370ca5f8f418d35d7aea487fa2b\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026tz=0\u0026dev=e\u0026res=14.3093\u0026rb=\u0026uuid=65d79c97-f874-4bb6-9e91-783c1e111184%3A1%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://unleashtheleader.blog\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:17 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: http://unleashtheleader.blog\r\naccess-control-allow-credentials: true\r\nlocation: https://wayfarerorthodox.com/watch.847103586533.js?dev=e\u0026key=25a1f370ca5f8f418d35d7aea487fa2b\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026pst=1756165097\u0026rb=\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026res=14.3093\u0026rmtc=t\u0026shu=1a1faed58f482d184cbdbc295996844e65c93a50ccbb18d41240d7bae97ef070b4195ca854e28b6382f8475ef763b51b2267cde665de0120a5aeeb6522325c44caba537381793c3b322df2c00da0b3cd0704cfd36526a3a70c5c\u0026tz=0\u0026uuid=65d79c97-f874-4bb6-9e91-783c1e111184%3A1%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjc5NDU5MSwiayI6IjI1YTFmMzcwY2E1ZjhmNDE4ZDM1ZDdhZWE0ODdmYTJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MDIzMzQ1LCJwaWQiOjMyOTcxMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJmbXptNWo2ZDJkIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vdW5sZWFzaHRoZWxlYWRlci5ibG9nL2dvLz9pZD1uYWRpYWFraW5nZyUyMG9ubHlmYW5zIiwiYXIiOltdfX0.nd2HA1FteXAPTjxUw_4CP2FiUuRugXnVaG9MeW6Defo; expires=Mon, 25 Aug 2025 23:38:17 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 21868f5336bbb514e089006c4d2a7fbf\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4808,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":733,"timings":{"blocked":301,"dns":1,"connect":103,"send":0,"wait":117,"receive":0,"ssl":208},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"flushpersist.com/pxf.gif?uuid=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3093\u0026b_frame=0\u0026pk=1c8718497824d06b244a8ea041da5db8\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.907Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /pxf.gif?uuid=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3093\u0026b_frame=0\u0026pk=1c8718497824d06b244a8ea041da5db8\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Mon, 25 Aug 2025 23:37:17 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 60f9f6f98f70fd7c5a9c46a7a3bd4b85\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":290,"timings":{"blocked":93,"dns":1,"connect":93,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.847103586533.js?dev=e\u0026key=25a1f370ca5f8f418d35d7aea487fa2b\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026pst=1756165097\u0026rb=\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026res=14.3093\u0026rmtc=t\u0026shu=1a1faed58f482d184cbdbc295996844e65c93a50ccbb18d41240d7bae97ef070b4195ca854e28b6382f8475ef763b51b2267cde665de0120a5aeeb6522325c44caba537381793c3b322df2c00da0b3cd0704cfd36526a3a70c5c\u0026tz=0\u0026uuid=65d79c97-f874-4bb6-9e91-783c1e111184%3A1%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:17.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /watch.847103586533.js?dev=e\u0026key=25a1f370ca5f8f418d35d7aea487fa2b\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026pst=1756165097\u0026rb=\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026res=14.3093\u0026rmtc=t\u0026shu=1a1faed58f482d184cbdbc295996844e65c93a50ccbb18d41240d7bae97ef070b4195ca854e28b6382f8475ef763b51b2267cde665de0120a5aeeb6522325c44caba537381793c3b322df2c00da0b3cd0704cfd36526a3a70c5c\u0026tz=0\u0026uuid=65d79c97-f874-4bb6-9e91-783c1e111184%3A1%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://unleashtheleader.blog\r\nReferer: http://unleashtheleader.blog/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjc5NDU5MSwiayI6IjI1YTFmMzcwY2E1ZjhmNDE4ZDM1ZDdhZWE0ODdmYTJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MDIzMzQ1LCJwaWQiOjMyOTcxMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJmbXptNWo2ZDJkIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vdW5sZWFzaHRoZWxlYWRlci5ibG9nL2dvLz9pZD1uYWRpYWFraW5nZyUyMG9ubHlmYW5zIiwiYXIiOltdfX0.nd2HA1FteXAPTjxUw_4CP2FiUuRugXnVaG9MeW6Defo\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:17 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: http://unleashtheleader.blog\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=65d79c97-f874-4bb6-9e91-783c1e111184:1:1; expires=Mon, 01 Sep 2025 23:37:17 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\npdhtkv5=true; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\nuncs5=1; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\nu_pl26794591=1; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 7\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e2a7dbd6ecd0ce78e531e3917125544c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4808,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3932)","md5":"a840dad67449e41f3ac8542ca66493cd","sha1":"f12daa68972c2fda99174e7b00fa2d56a0382050","sha256":"e43809cf8ff2d983577c04531ac68e901084d217776dfed821dd6d6916b2fd60","sha512":"3bd068d732bb66da91bb68bcf8b8ceaf837da400b457f1dc49cb8539503b78731fd893cad9e266afc3df0ccaac7ecce4d8ce1fd3ebdb3c96efc8bcd4e7e9120d","ssdeep":"96:SozyH43GjQgmLghQ2hZAizrU9LBVgwavKTSIizAk1/D8CfMEDaH:PzDVLgNZ9zrUX+wObIikcb8CkCaH","tlshash":"34a13cb62dc1c169ac6670bf657752483d51402f1a42fc46be4c562b5f00ba90f28dfc","first_seen":"2025-08-25T23:37:38.913507Z","last_seen":"2025-08-25T23:37:38.913507Z","times_seen":1,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"unleashtheleader.blog/favicon.ico","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"104.21.44.224","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:17.336Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: unleashtheleader.blog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1%3A1%3A1; pp_main_1c8718497824d06b244a8ea041da5db8=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 25 Aug 2025 23:37:17 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Fqcg%2BWPSxcpIPt5FcqsAb4WXo56dIPqk5iXUuaK1NbsDzJu%2FR7ae9dk3VLzK8etpic4y1G7rrg9dpd83NmlbUC9LF3ZYZagzjYzrNvVDkPwmPL4%3D\"}]}\r\nCache-Control: max-age=14400\r\nCf-Cache-Status: EXPIRED\r\nContent-Encoding: gzip\r\nCF-RAY: 974eea9b5fc85691-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58296,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (56756)","md5":"cbb42513032d6c09e496731ac16c20a9","sha1":"c92f38a701aad58408451d24dd4c47b05f158cf0","sha256":"d189695b2f3bb92369881f2428fa861dca9d9a94c638d9bdc4e2fa747d6f315b","sha512":"3d76f1018afceaba7cbb4083f4a5b5758966ec2aa5d5c6b07d72361782809f7ed4bd34ed9e0c4154d01a2db7192155de8251e5a834dd90b8d9823d916e1b7285","ssdeep":"768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM","tlshash":"8443021803de40a2cd8978d9426f2f3d842a1863da1c94bd1f5b6df4ca0d8a4767f1e9","first_seen":"2024-11-25T13:26:01.204756Z","last_seen":"2026-04-15T20:12:40.158112Z","times_seen":10726,"resource_available":true,"data":null}},"time_used":792,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":403,"receive":389,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/3a/db/c2/3adbc299fbb9d29f879c7e8f9ff643b1/1753377818.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:17.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /cti/3a/db/c2/3adbc299fbb9d29f879c7e8f9ff643b1/1753377818.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 25 Aug 2025 23:37:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 33888\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 24 Jul 2025 17:23:39 GMT\r\netag: \"68826c1b-8460\"\r\nexpires: Wed, 27 Aug 2025 23:37:17 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33888,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:07:24 11:29:35], progressive, precision 8, 468x60, components 3","md5":"f381f84cc23a1845e85fcd62a3063fc6","sha1":"9857bbfa1023f23071e5c15169c8e8bfcd3e9b78","sha256":"e2c05d8997609ca478092c851303e8d7939f1bd5ddacfeff4bb77651250e0de6","sha512":"2954b0658ae92c872e0d8ef0c35e502c428a637208734eee9198461f4d829ee48961b53236504aad775e767bed4cd2c2092c789fcd4c0891b66a2f5203a5c0c6","ssdeep":"768:1VioRlYyXClhnqVl5URx5PE1725CeXiZYeE:XlrtAjEk5daYeE","tlshash":"59e2ae1abba1df60fed4a53469d1c3864723fe84f3a366e4b84d35413b712c6dc89212","first_seen":"2025-07-29T20:15:04.537931Z","last_seen":"2025-08-30T23:17:29.017166Z","times_seen":121,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":42,"dns":0,"connect":19,"send":0,"wait":38,"receive":8,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unleashtheleader.blog/go?id=nadiaakingg%20onlyfans","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"104.21.44.224","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-25T23:37:15.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unleashtheleader.blog","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 23 Aug 2025 01:17:20 GMT","end":"Fri, 21 Nov 2025 00:13:15 GMT"},"fingerprint":{"sha1":"F0:1B:E5:FE:00:BD:55:2E:36:0A:B8:AB:75:80:54:1B:58:EF:95:CF","sha256":"93:82:EA:B4:7E:36:99:FD:A9:01:71:3F:E0:32:C4:A7:E2:51:83:B6:FF:06:0F:52:82:59:E1:7A:FC:C3:CF:9A"}}},"request":{"raw":"GET /go?id=nadiaakingg%20onlyfans HTTP/1.1\r\nHost: unleashtheleader.blog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Mon, 25 Aug 2025 23:37:15 GMT\r\ncontent-type: text/html\r\nlocation: http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zgCJ0m%2FTcAz1iYDxB7J7aQpyU8b6JEF75o1l5Y3BmLNbpqCuJHhzivbkzIP6ZZa%2FxjuHIANfvM1%2FmCWxH4fIJi%2FNxz1y2%2FdmpvVwYXa08%2BNO%2F0k%3D\"}]}\r\ncf-ray: 974eea8ebb90b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4616,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":205,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.highperformanceformat.com/25a1f370ca5f8f418d35d7aea487fa2b/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.137Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /25a1f370ca5f8f418d35d7aea487fa2b/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Mon, 25 Aug 2025 23:37:16 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 14979\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9bde1b1b3ff879e83d41318cf0ce2be7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34071,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (34071), with no line terminators","md5":"f9ff3ff348e9f384161aa41b71d10b4e","sha1":"2fe04394be06c274950289dc30ca8d69e512ea6a","sha256":"e2ead35b8fdfcc4cdf148ac5eeb98a756db67c8b45183a6e18c45c369363efb3","sha512":"83b04f38a322c4d9d562962949a50442ccc545fbef9b3913ce03b5c06ad17ba584227111ce94a699e5a77f7366d551dccc1fd00a037290b67a2e01ed28ff383b","ssdeep":"768:WBcqYtc5vIm+3UJeUhwlnYROKgE43kRRwlEK8cQa2B9mh:WWiIJEJthwlnlKk3kRylEK8cUw","tlshash":"4be2f88c3f60b05813da307f732f970de9960c0aa894c549c06bb5ecb97c767e5769a8","first_seen":"2025-08-24T09:18:24.356251Z","last_seen":"2025-09-01T17:37:34.451902Z","times_seen":37,"resource_available":true,"data":null}},"time_used":418,"timings":{"blocked":101,"dns":0,"connect":105,"send":0,"wait":107,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"wayfarerorthodox.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1585\u0026rd=1585\u0026fd=331\u0026bv=25.8.5278\u0026tmpl=70","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":80,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.488Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1585\u0026rd=1585\u0026fd=331\u0026bv=25.8.5278\u0026tmpl=70 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:16 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":101,"dns":1,"connect":101,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"wayfarerorthodox.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":80,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.493Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:16 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2570\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c9a4b53926df943722c20ddbaf11b0af\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5080,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5080), with no line terminators","md5":"a524ecfbd97124fd2e9c3f6ad371ca23","sha1":"a281b89a51cfe367f92816be50eba55ccc0eaee6","sha256":"5549a01f3d1c788c8e44dc8a54e5c9103880b5608d3b44e0a0ea4ebd124dc18f","sha512":"dbfa06ea3faf0b6451668b8634e61e52c71ac098f26b08551cac54344128a205b2378e56953102dda758aa63fab8ed1e22c3a74eda39a154caff8f2b6b3bdee5","ssdeep":"96:WhmlSzNzYF4RWz3qVeBYJ2gzAKAYaR/tCP/KZhWAEGo:SmAz+60BSF81RM3KZoGo","tlshash":"b1a1618e3f81b4ac069270372f3f6e0ef13a5c55195ad4d8d202a0a47f28a39d4b6b55","first_seen":"2025-08-06T23:31:31.906679Z","last_seen":"2025-09-26T10:32:45.122277Z","times_seen":4581,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":90,"dns":1,"connect":91,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":80,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.494Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:16 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28254\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7e93eab53a41993c52fc2238bb5d0c57\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":16,"dns":0,"connect":17,"send":0,"wait":28,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:16.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://unleashtheleader.blog\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unleashtheleader.blog/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 25 Aug 2025 23:37:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: http://unleashtheleader.blog\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=65d79c97-f874-4bb6-9e91-783c1e111184:1:1; expires=Thu, 23 Aug 2035 23:37:16 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"9295c07f191876082e5551e56a4aac4a","sha1":"0e0fcebcba16aaede9bab7c51d568303a6c78c1f","sha256":"447647926c6ceb47c7a0e9e4cd17b037bd33142c80f280292464d21cb8a28666","sha512":"ccf07f6276ff90b65b42f40c2aa55d91b2951475960a1a5f2e875972179d4944c226de748510f4889bca9e017d11e366ebf28faa420a771e1e4cc1490f10953d","ssdeep":"","tlshash":"1490044c3dd43504044407fc114070cd0c044151d000c411c154cc4df40c0144c7743f","first_seen":"2025-08-25T23:37:38.920737Z","last_seen":"2025-08-25T23:37:38.920737Z","times_seen":1,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":66,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/watch.723420244195.js?dev=e\u0026key=2027a50cb46e987ec92bde847883c82e\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026pst=1756165097\u0026rb=\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026res=14.3093\u0026rmtc=t\u0026shu=f44ce90a50d40625848c9ee3984e095ec42c425a70edd20ce95ae78fcdc84e3a2b7087a30bfceebc033601192a93d9fd10dab2c1646bd5718dcb33c892c5bd21d9be6103db42c0dabefced95d06910e4f99f753bbe8ee15e128d\u0026tz=0\u0026uuid=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1%3A1%3A1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:17.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /watch.723420244195.js?dev=e\u0026key=2027a50cb46e987ec92bde847883c82e\u0026kw=%5B%22continue%22%2C%22to%22%2C%22nadiaakingg%22%2C%22onlyfans%22%5D\u0026pst=1756165097\u0026rb=\u0026refer=http%3A%2F%2Funleashtheleader.blog%2Fgo%2F%3Fid%3Dnadiaakingg%2520onlyfans\u0026res=14.3093\u0026rmtc=t\u0026shu=f44ce90a50d40625848c9ee3984e095ec42c425a70edd20ce95ae78fcdc84e3a2b7087a30bfceebc033601192a93d9fd10dab2c1646bd5718dcb33c892c5bd21d9be6103db42c0dabefced95d06910e4f99f753bbe8ee15e128d\u0026tz=0\u0026uuid=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1%3A1%3A1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://unleashtheleader.blog\r\nReferer: http://unleashtheleader.blog/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjc5NDYwNCwiayI6IjIwMjdhNTBjYjQ2ZTk4N2VjOTJiZGU4NDc4ODNjODJlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MDIzMzQ1LCJwaWQiOjMyOTcxMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNywicHQiOjQsInBrIjoicjlzNzVhaHk2OSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3VubGVhc2h0aGVsZWFkZXIuYmxvZy9nby8_aWQ9bmFkaWFha2luZ2clMjBvbmx5ZmFucyIsImFyIjpbXX19.bHIgTnUfshw4AwuqPLXz4ypkWho0M54Cn-xEt96y5Gw\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:17 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: http://unleashtheleader.blog\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: uid_id2=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1:1:1; expires=Mon, 01 Sep 2025 23:37:17 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\npdhtkv27=true; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\nuncs27=1; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\nu_pl26794604=1; expires=Tue, 26 Aug 2025 23:37:17 GMT; path=/; secure; SameSite=None\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6635dbc8b1d9dadd25b9d8f567dcd0ed\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4802,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3926)","md5":"090bacd5467454d0d027446824d3d9a0","sha1":"ece4c08c5a21d0f8908ac7edb55d2b155b73384f","sha256":"d3434d880941a328ef4f357e79c64a72f83ca4115503db9762f21ce67d40ba53","sha512":"ccb9c6ccdcba73066226b3ad42e585c56e6f45c2c7045aab02689f4aee1adff8a538ba0a187d0271b5ec32371713ffd4bac152ae7a4d6065e236fa295005f2bc","ssdeep":"96:s7ozoPh6KKuE0exvrO1H3F9i6KKuE0exvrO1Bb1/DYCfMEDaH:Bze6v0exr21w6v0exrebYCkCaH","tlshash":"e7a10922df96a374ec67b43d06dab6483502150a6721ef477c8de2195f706f40e54eec","first_seen":"2025-08-25T23:37:38.92253Z","last_seen":"2025-08-25T23:37:38.92253Z","times_seen":1,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/impr.gif?sid=H4sIAAAAAAAC_1RTz4scxRev2eT7FcxBjD8OepmDB4XsbHV3dU-3OYgxRoJrEpJIDnqpX71bbk9Xp6p7erOnkIDk5nrLsfczmyxqDApeBZn1FhEcTytkL_4FEshZZrOw8UG99z71eQWfV_Xqy61mn0Ro-N6lT-yGKQq-FA9o_-1rplS29f0LV_sBHdDT_WumTNjp_vrcufG7QcQG9J3-R1qu2aWQBpQGNOifM07ndn3pgIWpHmTBIKMDFg6CmGHd_Rf7pgfPe1DjfXISRs1e-jv_DEZOUY5-OKv9Wm2rUx-OmoLX1mGsdj4t10rblhgdpbnrIS93Dqth_YyQuwuw5c5hB7Dj7XkHEGZGFl5_DFHuHMqEGN97plQU0CWEOoF2PIUudmH4FNLehlF_EEAqXLiIcnT_gnUtv_GM5XN2Ro4_fQLTzsjxx6-iHD08U5j1_hVbNLWxpcd63sGsT2FWpqiaXdQbCzDtLmR9C0b9TpaeLqMcbV_0hYVRe29FkvI8T_LFmOXxIuM8WxQyzhdFEqdhFmRSyeDgikw-Bfc9NPNlemjyHpqqh5Ha6zOaMhnwKMkzJYeUccaUFjRLQ0p5Jodo5Fz7JupqE7LYhHQ3UbmbWDNfz0jvxEm45hf41b2fcsakziiPqWI0CeOUpTLTOspSpmkWa8lCycKYD6lWKqRSZzHXwzSXSqZMRzwUQ5oOeURFLrUWkkZRQoMgC3kWqSxXAVVchDJIWCJUPAxSJUUUyTQLZSxUGKhM6CSgkRIslPNanUutsljRJAuoZnmW5cM4EkKnWgexDsJUwasefE0wVh1aTdB6gpYTtIagrQnacXdPFT703X1V-EYEhzE8jFE3sfXKFr9n6xVdEnC3Cae6bVNd97ch62OTjdyriZ07LupuwoXqtqp98vJ8IHp3_yqwpvf6IQ2HPKZSsERn6VDLLBRKp2yYppFMQw1vOhi_cPCMG2ZGlu9fR2Vm5H8v_APBd-GLXUjzGnjzJng7YUkKvoqEYqN8WKyu2pFWWlo3kBzKdqjq46hv9LaKffLGwWR-_tsWtHxEDg3Sdahchy_MrwQrxZ3JZduS7cu29eTHi1VtRmaDz6f2Ss1r_f9vP9Y3WuvU-bN-85v35ZyYpw-ual8v81KZcsWT784YpbQ7Z53U5Ofz_poWlxq_eqZxZVMtX_rg3PlR5bT3xpZTcDMjL-6fgjQz8sr13YMfyW59BeOmcE2HUfOc1uomfHWEvSVwxREWFUHbdBMXiqPNwhAU-ghz0cE_h8VRPnF8fpqbbsvfwYrrgde3UY46jF2HcdGBF5vwzbFJXblH7_0ZHRhE0ZuIwpFtUbg5b_b6eaRDSWk6TIIozXUQMSXzOGWZSjiNIo3az1YfPPn-3wAAAP__iukwAWoFAAA=","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://unleashtheleader.blog/go/?id=nadiaakingg%20onlyfans","date":"2025-08-25T23:37:17.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTz4scxRev2eT7FcxBjD8OepmDB4XsbHV3dU-3OYgxRoJrEpJIDnqpX71bbk9Xp6p7erOnkIDk5nrLsfczmyxqDApeBZn1FhEcTytkL_4FEshZZrOw8UG99z71eQWfV_Xqy61mn0Ro-N6lT-yGKQq-FA9o_-1rplS29f0LV_sBHdDT_WumTNjp_vrcufG7QcQG9J3-R1qu2aWQBpQGNOifM07ndn3pgIWpHmTBIKMDFg6CmGHd_Rf7pgfPe1DjfXISRs1e-jv_DEZOUY5-OKv9Wm2rUx-OmoLX1mGsdj4t10rblhgdpbnrIS93Dqth_YyQuwuw5c5hB7Dj7XkHEGZGFl5_DFHuHMqEGN97plQU0CWEOoF2PIUudmH4FNLehlF_EEAqXLiIcnT_gnUtv_GM5XN2Ro4_fQLTzsjxx6-iHD08U5j1_hVbNLWxpcd63sGsT2FWpqiaXdQbCzDtLmR9C0b9TpaeLqMcbV_0hYVRe29FkvI8T_LFmOXxIuM8WxQyzhdFEqdhFmRSyeDgikw-Bfc9NPNlemjyHpqqh5Ha6zOaMhnwKMkzJYeUccaUFjRLQ0p5Jodo5Fz7JupqE7LYhHQ3UbmbWDNfz0jvxEm45hf41b2fcsakziiPqWI0CeOUpTLTOspSpmkWa8lCycKYD6lWKqRSZzHXwzSXSqZMRzwUQ5oOeURFLrUWkkZRQoMgC3kWqSxXAVVchDJIWCJUPAxSJUUUyTQLZSxUGKhM6CSgkRIslPNanUutsljRJAuoZnmW5cM4EkKnWgexDsJUwasefE0wVh1aTdB6gpYTtIagrQnacXdPFT703X1V-EYEhzE8jFE3sfXKFr9n6xVdEnC3Cae6bVNd97ch62OTjdyriZ07LupuwoXqtqp98vJ8IHp3_yqwpvf6IQ2HPKZSsERn6VDLLBRKp2yYppFMQw1vOhi_cPCMG2ZGlu9fR2Vm5H8v_APBd-GLXUjzGnjzJng7YUkKvoqEYqN8WKyu2pFWWlo3kBzKdqjq46hv9LaKffLGwWR-_tsWtHxEDg3Sdahchy_MrwQrxZ3JZduS7cu29eTHi1VtRmaDz6f2Ss1r_f9vP9Y3WuvU-bN-85v35ZyYpw-ual8v81KZcsWT784YpbQ7Z53U5Ofz_poWlxq_eqZxZVMtX_rg3PlR5bT3xpZTcDMjL-6fgjQz8sr13YMfyW59BeOmcE2HUfOc1uomfHWEvSVwxREWFUHbdBMXiqPNwhAU-ghz0cE_h8VRPnF8fpqbbsvfwYrrgde3UY46jF2HcdGBF5vwzbFJXblH7_0ZHRhE0ZuIwpFtUbg5b_b6eaRDSWk6TIIozXUQMSXzOGWZSjiNIo3az1YfPPn-3wAAAP__iukwAWoFAAA= HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjc5NDYwNCwiayI6IjIwMjdhNTBjYjQ2ZTk4N2VjOTJiZGU4NDc4ODNjODJlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MDIzMzQ1LCJwaWQiOjMyOTcxMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNywicHQiOjQsInBrIjoicjlzNzVhaHk2OSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3VubGVhc2h0aGVsZWFkZXIuYmxvZy9nby8_aWQ9bmFkaWFha2luZ2clMjBvbmx5ZmFucyIsImFyIjpbXX19.bHIgTnUfshw4AwuqPLXz4ypkWho0M54Cn-xEt96y5Gw; uid_id2=3c0aff6f-54f5-4aa9-bc5f-b6582919cdc1:1:1; pdhtkv=true; uncs=1; pdhtkv27=true; uncs27=1; u_pl26794604=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 25 Aug 2025 23:37:17 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c90a9767a5bc875f15c48420e302e189\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-25","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"unleashtheleader.blog/join/56451","fqdn":"unleashtheleader.blog","domain":"unleashtheleader.blog","tld":"blog"},"ip":{"addr":"104.21.44.224","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-25T23:37:14.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unleashtheleader.blog","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 23 Aug 2025 01:17:20 GMT","end":"Fri, 21 Nov 2025 00:13:15 GMT"},"fingerprint":{"sha1":"F0:1B:E5:FE:00:BD:55:2E:36:0A:B8:AB:75:80:54:1B:58:EF:95:CF","sha256":"93:82:EA:B4:7E:36:99:FD:A9:01:71:3F:E0:32:C4:A7:E2:51:83:B6:FF:06:0F:52:82:59:E1:7A:FC:C3:CF:9A"}}},"request":{"raw":"GET /join/56451 HTTP/1.1\r\nHost: unleashtheleader.blog\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 25 Aug 2025 23:37:15 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlocation: /go?id=nadiaakingg onlyfans\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HonLYW%2Bnj7gQKWuOlxzBJ3QIWHKtrb915gKM3NmiE6bOQGjgqXAjeZCq4XlQOuIONll0nzgHW7u5iaPMYLLtMt4XP1K%2FmxUJF83roZEAiVGnVmU%3D\"}]}\r\ncf-ray: 974eea8c2a5cb4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4616,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":446,"timings":{"blocked":19,"dns":0,"connect":1,"send":0,"wait":408,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}