{"report_id":"b7dcc624-e9e5-46b4-95d6-fb460c67eb6b","version":0,"status":"done","tags":[],"date":"2026-07-13T01:30:00Z","url":{"schema":"http","addr":"aa.levan.cc","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"final":{"url":{"schema":"https","addr":"aa.levan.cc/","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"title":"WhatsApp","dom":{"size":25303,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22633)","md5":"d44d5316579f948c963ad0c07c2d1166","sha1":"e0ae08e23ced2c0e991d56f181bf93240211112d","sha256":"804771548621aaa876f8d4cab955b35766ff1cdce7fa0d872cb304bfbc1bbe85","sha512":"c05c1d4e10d50cb19233b34908d2b2881f3b5c93dff09f3f8520b6686189eb4e2213326f0c3cde2373be0740ec5df6086ecbc156b6367239214f07df71a2a03c","ssdeep":"384:0VbQBDNzggaoZDW5dNQr71NzeltP5XkLwi5m0D2bX:0VEtdggaZNQFNz2tPwp5VQ","tlshash":"09b2d831e999a5ee017fc5c0ae61bb2d2fc2f30fda59404319aa8e650fc7d65b50e06c","dom_hash":"domhashd9aa3e069c0439364686bac34eb5bf7f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"aa.levan.cc","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-17T01:30:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"aa.levan.cc","ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"domain_registered":"2026-03-10","domain_rank":0,"first_seen":"2026-07-13T00:29:30.491577Z","last_seen":"2026-07-13T00:29:30.491577Z","alert_count":27,"request_count":9,"received_data":2384216,"sent_data":4485,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"9c29d718419785022b347378791e4192.5qt6u.sbs","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-06-08T13:09:09.265192Z","last_seen":"2026-07-13T00:29:32.364999Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":574,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"aa.levan.cc/","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":true,"md5":"8a4389d2fb81b0c13728cbeb4dbde294","sha1":"a1d5a77be03d0ba85ce267732a87cddad56a150b","sha256":"e01d18e732a17074e9e171b1a9a2450849820475e63b57884ee6d5efa37ccf0c","sha512":"51beb47c550837378ce90d1bfcf7d9e32edeb0845146966adc55bd3a6caa30abd3fb8e0db0bb6f039894df052569f53612e9f066907d39d6fe85b8b48495fc4b","ssdeep":"","tlshash":"c0e0c083a0bf3a4c0220811a304ac0076bbe08b2ef864d610c9c3ba5cef9f4fc56d859","size":356,"data":"","first_seen":"2025-04-11T12:06:40.284619Z","last_seen":"2026-07-13T05:56:09.67602Z","times_seen":88,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aa.levan.cc/assets/index-8fcc18c5.js?v=202607111545","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"38a50f477c84b522d6be2c0e9843f2c2","sha1":"65e21ed6afdcf2953ade97afd951803d1e7bd299","sha256":"33723cc792e3737f7863dcb46688d3a55c7860250d9d98173145f4e25ba0f7d8","sha512":"f993846fff7ea036287ea61f7e2f4748c8b5b53673ca267d4f8cac2a2e25d9ebd56e695baa15a42195a6b99a0b0a49d351fc65a7099e7f454718012f72219e87","ssdeep":"1536:Y8Th0MZy7IttWQ4MTLy9LrT/FHvE+pgo0sPgGm3ZgbKhoYeRLAC8zsldc2Vt:RhByUttFtuFH8+pgoR9m3ZsKi584dxVt","tlshash":"69934af43192b53293fa08e550371005ff69395b3809c499b1acee9f3da689561baf3c","size":90341,"data":"","first_seen":"2026-07-13T00:29:37.506165Z","last_seen":"2026-07-13T01:30:02.350289Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"aa.levan.cc/assets/tips-android-601f965f.png","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aa.levan.cc/","date":"2026-07-13T01:29:31.503Z","timestamp":1783906171503,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wsapp.levan.cc","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Jul 2026 06:33:33 GMT","end":"Sat, 10 Oct 2026 06:33:32 GMT"},"fingerprint":{"sha1":"B5:6E:97:18:20:1F:A4:10:1C:A4:BA:42:67:98:74:B7:C0:BF:CF:90","sha256":"F5:C9:AC:A2:00:D0:39:98:77:97:9C:21:B9:3F:1F:C1:E1:5A:B2:FE:47:F1:A6:B4:1E:2E:51:91:A7:23:A8:7E"}}},"request":{"raw":"GET /assets/tips-android-601f965f.png HTTP/1.1\r\nHost: aa.levan.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aa.levan.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 13 Jul 2026 01:29:29 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 12 Jul 2026 07:28:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a534207-129a3\"\r\nexpires: Mon, 13 Jul 2026 01:39:29 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76195,"size_decoded":76566,"mime_type":"image/png","magic":"PNG image data, 917 x 428, 8-bit colormap, non-interlaced","md5":"23354e73b45758c95f7f73c51c3011c7","sha1":"71c868aecd4a278017bf86692ee1f4479787422f","sha256":"601f965f190bb7b7235a5366859be6b0dd8ba93d811876a199e337254d6d0e64","sha512":"f94ade7ce8c75c5e2fe2753a0deecf777aafa1cd139e99aa67095c2b9323c6f2096b35410298ab5dbfa1ad768d788a6fdc8e962f5269d165aee06ee33926ba0d","ssdeep":"1536:XpvVBaU84ZtIqND9nZWzGTUWPydcHlddP9KBUpLB:8F4Z7PIzGocddlKipLB","tlshash":"337302ec2c43f439d7a0b31c892b3860e54b375e4cd78b50326e62a446c685769de97f","first_seen":"2024-04-07T06:38:42Z","last_seen":"2026-07-13T01:30:02.344939Z","times_seen":159,"resource_available":false,"data":null}},"time_used":1467,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1467,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aa.levan.cc/assets/qr-video3-fd14a529.jpg","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aa.levan.cc/","date":"2026-07-13T01:29:31.507Z","timestamp":1783906171507,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wsapp.levan.cc","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Jul 2026 06:33:33 GMT","end":"Sat, 10 Oct 2026 06:33:32 GMT"},"fingerprint":{"sha1":"B5:6E:97:18:20:1F:A4:10:1C:A4:BA:42:67:98:74:B7:C0:BF:CF:90","sha256":"F5:C9:AC:A2:00:D0:39:98:77:97:9C:21:B9:3F:1F:C1:E1:5A:B2:FE:47:F1:A6:B4:1E:2E:51:91:A7:23:A8:7E"}}},"request":{"raw":"GET /assets/qr-video3-fd14a529.jpg HTTP/1.1\r\nHost: aa.levan.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aa.levan.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 13 Jul 2026 01:29:29 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 12 Jul 2026 07:28:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a534207-f420c\"\r\nexpires: Mon, 13 Jul 2026 01:39:29 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":999948,"size_decoded":745595,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2026:07:01 17:07:18], progressive, precision 8, 3030x6000, components 3","md5":"a52df0a43ba8737b21ed2d194c2d2e53","sha1":"04f85790776e033c6733325f4a1a0034943e2a17","sha256":"fd14a5290c35e6dbe18c5e4d78b22bb7044e6a38ef3dd8c219c1fe425b910d30","sha512":"0016cf4adc4b1249f16d643e6b2886eea5f6bc8fbe6fbb372a0d57702b210f66164f9ea628b43b27fc0b8c58a8c4546bd61990ac42bdef5962acfc0761f8bcfd","ssdeep":"24576:6sSduu8HB8bsjY351T1IK5dyTvkj8aKeUYW:yyB8AjoeoSvkAaKmW","tlshash":"4925025d4b14736fea456371c90b16b88e278d702decacd7320d65983b63eb2fa0c265","first_seen":"2026-07-13T00:29:37.525173Z","last_seen":"2026-07-13T01:30:02.345905Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1464,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1464,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aa.levan.cc/","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-13T01:29:24.641Z","timestamp":1783906164641,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wsapp.levan.cc","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Jul 2026 06:33:33 GMT","end":"Sat, 10 Oct 2026 06:33:32 GMT"},"fingerprint":{"sha1":"B5:6E:97:18:20:1F:A4:10:1C:A4:BA:42:67:98:74:B7:C0:BF:CF:90","sha256":"F5:C9:AC:A2:00:D0:39:98:77:97:9C:21:B9:3F:1F:C1:E1:5A:B2:FE:47:F1:A6:B4:1E:2E:51:91:A7:23:A8:7E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: aa.levan.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 13 Jul 2026 01:29:23 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 12 Jul 2026 07:28:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a534208-62f\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1583,"size_decoded":1073,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"a1935d4e7e39d61e3795f5f348a68734","sha1":"fb54cf2baede17701a32bdb3adfcea4a75a29715","sha256":"a03a32942aa7a99d5e15209dd138ae522dace2ef5feef9949315718a6f4c251e","sha512":"0c88be1db5e666997ba5c9dd6d74c637325d505456ef1a67662485997b665e665abfbc6ceb735cf8c608adfa60661fbb380a564e5538e17e9aaca1011a39a6bf","ssdeep":"","tlshash":"a431e05370042e4b123083266076e09c87a79c71f5696ca1b49831fbafe4b85c89b675","first_seen":"2026-07-13T00:29:37.502935Z","last_seen":"2026-07-13T01:30:02.346705Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1232,"timings":{"blocked":-1,"dns":66,"connect":291,"send":0,"wait":290,"receive":0,"ssl":584},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"9c29d718419785022b347378791e4192.5qt6u.sbs:8001/apple-touch-icon.png","fqdn":"9c29d718419785022b347378791e4192.5qt6u.sbs","domain":"5qt6u.sbs","tld":"sbs"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aa.levan.cc/","date":"2026-07-13T01:29:28.529Z","timestamp":1783906168529,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: 9c29d718419785022b347378791e4192.5qt6u.sbs:8001\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aa.levan.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-13T06:17:49.943222Z","times_seen":17206107,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aa.levan.cc/assets/tips-iphone-1a459c97.png","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aa.levan.cc/","date":"2026-07-13T01:29:31.500Z","timestamp":1783906171500,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wsapp.levan.cc","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Jul 2026 06:33:33 GMT","end":"Sat, 10 Oct 2026 06:33:32 GMT"},"fingerprint":{"sha1":"B5:6E:97:18:20:1F:A4:10:1C:A4:BA:42:67:98:74:B7:C0:BF:CF:90","sha256":"F5:C9:AC:A2:00:D0:39:98:77:97:9C:21:B9:3F:1F:C1:E1:5A:B2:FE:47:F1:A6:B4:1E:2E:51:91:A7:23:A8:7E"}}},"request":{"raw":"GET /assets/tips-iphone-1a459c97.png HTTP/1.1\r\nHost: aa.levan.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aa.levan.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 13 Jul 2026 01:29:29 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 12 Jul 2026 07:28:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a534208-1598f\"\r\nexpires: Mon, 13 Jul 2026 01:39:29 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88463,"size_decoded":88855,"mime_type":"image/png","magic":"PNG image data, 945 x 482, 8-bit colormap, non-interlaced","md5":"b93dddcfb437685ebebbd1b363813e78","sha1":"59bfd7add4b87a91a47e39f2575dbdb98caff357","sha256":"1a459c97f9ae782e2718b8cb73468470dcde46249203d4032dfa0e1921539e5c","sha512":"881551d1a8d1c7ef1b933795141da2a009f7e1099bb2725f23513002edf2907c09aaa3bdbf7b6b20a5faf890261666e813df3cfd97b2fbd8bd21e648a20e8b65","ssdeep":"1536:Z+wlZ1yLBszCS9Z35zgP9cae4Ugmim9DdvsNFYQbdYAg22Weelqy0HoAfdNbjwgw:gSyLB8CS/5aOBAYQbdlz2WekKHF1OgqX","tlshash":"ea8312df1776ca66037a110a780e07a9d62c5731a3d9576f2dbc34d68cadf48b224c62","first_seen":"2024-04-07T06:38:42Z","last_seen":"2026-07-13T01:30:02.348516Z","times_seen":154,"resource_available":false,"data":null}},"time_used":1175,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1175,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aa.levan.cc/assets/sg-b0ca3cf8.svg","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aa.levan.cc/","date":"2026-07-13T01:29:31.505Z","timestamp":1783906171505,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wsapp.levan.cc","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Jul 2026 06:33:33 GMT","end":"Sat, 10 Oct 2026 06:33:32 GMT"},"fingerprint":{"sha1":"B5:6E:97:18:20:1F:A4:10:1C:A4:BA:42:67:98:74:B7:C0:BF:CF:90","sha256":"F5:C9:AC:A2:00:D0:39:98:77:97:9C:21:B9:3F:1F:C1:E1:5A:B2:FE:47:F1:A6:B4:1E:2E:51:91:A7:23:A8:7E"}}},"request":{"raw":"GET /assets/sg-b0ca3cf8.svg HTTP/1.1\r\nHost: aa.levan.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aa.levan.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 13 Jul 2026 01:29:29 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 832\r\nlast-modified: Sun, 12 Jul 2026 07:28:07 GMT\r\netag: \"6a534207-340\"\r\nexpires: Mon, 13 Jul 2026 01:39:29 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":832,"size_decoded":1172,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5a056a68ab721a1e5f86683ba80ce9c3","sha1":"ba3eaae6971be95ccf537aea5537ef1dc7b43964","sha256":"b0ca3cf8c307717c286aeabe86343c2fff6c2deedb6f3843991e9075b78f5e51","sha512":"a7b7b3a06e1f3736ca16896437318ce729c2936e629910b514086443a68678d3c3d62712d0f57ca523847ffeda62e463f3874f6ea66df2971aa5bd852800ce93","ssdeep":"","tlshash":"04018eda93b0b57d0e1783b14ee875e190fb3499b5c502a820da56d822d1287acd5d91","first_seen":"2023-10-12T02:52:45Z","last_seen":"2026-07-13T01:30:02.349311Z","times_seen":233,"resource_available":false,"data":null}},"time_used":2043,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1465,"receive":578,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aa.levan.cc/assets/index-8fcc18c5.js?v=202607111545","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aa.levan.cc/","date":"2026-07-13T01:29:26.154Z","timestamp":1783906166154,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wsapp.levan.cc","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Jul 2026 06:33:33 GMT","end":"Sat, 10 Oct 2026 06:33:32 GMT"},"fingerprint":{"sha1":"B5:6E:97:18:20:1F:A4:10:1C:A4:BA:42:67:98:74:B7:C0:BF:CF:90","sha256":"F5:C9:AC:A2:00:D0:39:98:77:97:9C:21:B9:3F:1F:C1:E1:5A:B2:FE:47:F1:A6:B4:1E:2E:51:91:A7:23:A8:7E"}}},"request":{"raw":"GET /assets/index-8fcc18c5.js?v=202607111545 HTTP/1.1\r\nHost: aa.levan.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aa.levan.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 13 Jul 2026 01:29:24 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 12 Jul 2026 07:28:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a534204-160e5\"\r\nexpires: Mon, 13 Jul 2026 01:39:24 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":90341,"size_decoded":39952,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (36623)","md5":"38a50f477c84b522d6be2c0e9843f2c2","sha1":"65e21ed6afdcf2953ade97afd951803d1e7bd299","sha256":"33723cc792e3737f7863dcb46688d3a55c7860250d9d98173145f4e25ba0f7d8","sha512":"f993846fff7ea036287ea61f7e2f4748c8b5b53673ca267d4f8cac2a2e25d9ebd56e695baa15a42195a6b99a0b0a49d351fc65a7099e7f454718012f72219e87","ssdeep":"1536:Y8Th0MZy7IttWQ4MTLy9LrT/FHvE+pgo0sPgGm3ZgbKhoYeRLAC8zsldc2Vt:RhByUttFtuFH8+pgoR9m3ZsKi584dxVt","tlshash":"69934af43192b53293fa08e550371005ff69395b3809c499b1acee9f3da689561baf3c","first_seen":"2026-07-13T00:29:37.506165Z","last_seen":"2026-07-13T01:30:02.350289Z","times_seen":2,"resource_available":true,"data":null}},"time_used":589,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":589,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aa.levan.cc/assets/index-6176463b.css?v=202607111545","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aa.levan.cc/","date":"2026-07-13T01:29:26.156Z","timestamp":1783906166156,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wsapp.levan.cc","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Jul 2026 06:33:33 GMT","end":"Sat, 10 Oct 2026 06:33:32 GMT"},"fingerprint":{"sha1":"B5:6E:97:18:20:1F:A4:10:1C:A4:BA:42:67:98:74:B7:C0:BF:CF:90","sha256":"F5:C9:AC:A2:00:D0:39:98:77:97:9C:21:B9:3F:1F:C1:E1:5A:B2:FE:47:F1:A6:B4:1E:2E:51:91:A7:23:A8:7E"}}},"request":{"raw":"GET /assets/index-6176463b.css?v=202607111545 HTTP/1.1\r\nHost: aa.levan.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aa.levan.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 13 Jul 2026 01:29:24 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 12 Jul 2026 07:28:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a534204-f331d\"\r\nexpires: Mon, 13 Jul 2026 01:39:24 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":996125,"size_decoded":215299,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65528), with no line terminators","md5":"04f9ba350e31ffafe031e784542e8d71","sha1":"c9d0e7eb0cea5cab5181a967c4e8ef9fb85d6b2a","sha256":"6176463b8a3cba8e1993ff31c64d1305bd4dce6225a4c4a76490b75dfc6c2ecc","sha512":"de8bd6e32a38618ccbd7654570587818f6b1a5727c201e403dddbbbe2847ef2ebad2ad6d1a8d20062938cc61a6aac6157f7a4ae0a9f1e0a0df6020136d8fae4a","ssdeep":"6144:2p7UFVY4xQ0gYaIqySICl1Y32x+Hpl9Sge69MkevI6RSoLn1/GNoJvOrnKYmn:nFVYmHplB9MkeA6bnOxG9n","tlshash":"a225c770b30e513e2e3be13d56c19b9c6f58fb46dc019a53f581e8184dc3be8296692e","first_seen":"2026-07-13T00:29:37.509224Z","last_seen":"2026-07-13T01:30:02.351343Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1513,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1513,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aa.levan.cc/favicon.ico","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aa.levan.cc/","date":"2026-07-13T01:29:28.531Z","timestamp":1783906168531,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wsapp.levan.cc","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Jul 2026 06:33:33 GMT","end":"Sat, 10 Oct 2026 06:33:32 GMT"},"fingerprint":{"sha1":"B5:6E:97:18:20:1F:A4:10:1C:A4:BA:42:67:98:74:B7:C0:BF:CF:90","sha256":"F5:C9:AC:A2:00:D0:39:98:77:97:9C:21:B9:3F:1F:C1:E1:5A:B2:FE:47:F1:A6:B4:1E:2E:51:91:A7:23:A8:7E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: aa.levan.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aa.levan.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 13 Jul 2026 01:29:26 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 16958\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nlast-modified: Sun, 12 Jul 2026 07:29:46 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16958,"size_decoded":17286,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"e49fd30ea870c7a820464ca56a113e6e","sha1":"38ccc3603a8bc74ed3f7491222c9d50e73aa421a","sha256":"148ce319907e947199c93f77c9317c0b166bc17d77d6cf6378f8374e8d2fb1a2","sha512":"9c5abc3d0056b229123b88319e42ccfdc9220b43990074354035d4d174d14a09159ed3b8e871e79b060fe32028abaa3c1ff93322b3a196d7b53bb41ac392d027","ssdeep":"48:dUeAgfx5VGYXKtijpwhZCJvzpfrXuUEdwRuL9Oar6dRGwRHhrOakA48:mSLVbKt2bvzZqU6wML9Oar6DNgQ48","tlshash":"ab729d70bbbcf501c4ddc5b100b5b65ab1aa1e23a1e43c09b3f5b0e022753a65b9e9d9","first_seen":"2023-06-01T00:10:52Z","last_seen":"2026-07-13T01:30:02.351976Z","times_seen":378,"resource_available":false,"data":null}},"time_used":2868,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2627,"receive":241,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aa.levan.cc/assets/tips-6378f99e.png","fqdn":"aa.levan.cc","domain":"levan.cc","tld":"cc"},"ip":{"addr":"154.222.31.202","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aa.levan.cc/","date":"2026-07-13T01:29:31.498Z","timestamp":1783906171498,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wsapp.levan.cc","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Jul 2026 06:33:33 GMT","end":"Sat, 10 Oct 2026 06:33:32 GMT"},"fingerprint":{"sha1":"B5:6E:97:18:20:1F:A4:10:1C:A4:BA:42:67:98:74:B7:C0:BF:CF:90","sha256":"F5:C9:AC:A2:00:D0:39:98:77:97:9C:21:B9:3F:1F:C1:E1:5A:B2:FE:47:F1:A6:B4:1E:2E:51:91:A7:23:A8:7E"}}},"request":{"raw":"GET /assets/tips-6378f99e.png HTTP/1.1\r\nHost: aa.levan.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aa.levan.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 13 Jul 2026 01:29:29 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 12 Jul 2026 07:28:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a534207-1b0a0\"\r\nexpires: Mon, 13 Jul 2026 01:39:29 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":110752,"size_decoded":110723,"mime_type":"image/png","magic":"PNG image data, 1267 x 713, 8-bit colormap, non-interlaced","md5":"4aeddab9f4e01edc8a90dced5240c934","sha1":"31c237d28841a7e63e56841e60b6847f33ab02aa","sha256":"6378f99e32ed42c0317c51a6fc8e95474cc4ab245c2c0f33b92cd30af250c50b","sha512":"c39c5e675b7e6adf23002d2be68a733eaefdfa0b82f92b17dbb079b3b24ed02d525d363cf91d9d853e025f7cec8d8c29ea792b571283ca0f1d2d3013112840cb","ssdeep":"3072:j/uuEBbAI6ldtqziuCGftCettVGllqGquj:QAdZm0llqNuj","tlshash":"90b312cc77169023e1e8affbe869ed48d7b315c31325cab67813f92a10e67d81d49489","first_seen":"2024-04-07T06:38:42Z","last_seen":"2026-07-13T01:30:02.352492Z","times_seen":152,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-13","alert":"Phishing Block","trigger":"aa.levan.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-13","alert":"Sinkholed","trigger":"aa.levan.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}
