{"report_id":"424071d8-5db9-41ad-b81c-c3a2caf0e948","version":6,"status":"done","tags":[],"date":"2025-11-30T12:42:06Z","url":{"schema":"http","addr":"pornxp.one/","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":0,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"pornxp.one/","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"title":"PornXP – For those who know the difference – PornXP","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"pornxp.one/","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":0,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-04T12:42:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":7}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"u3y8v8u4.aucdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ii.pornxp.tv","ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"domain_registered":"2023-08-01","domain_rank":0,"first_seen":"2025-11-07T19:42:46.378321Z","last_seen":"2025-11-07T19:42:46.378321Z","alert_count":0,"request_count":20,"received_data":431611,"sent_data":8687,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pornxp.one","ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-11-01","domain_rank":252546,"first_seen":"2021-09-17T06:55:36Z","last_seen":"2025-10-15T14:02:29.736642Z","alert_count":18,"request_count":9,"received_data":167264,"sent_data":3836,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"a.magsrv.com","ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2023-08-01","domain_rank":51490,"first_seen":"2023-08-04T16:18:00Z","last_seen":"2025-11-24T11:22:52.341858Z","alert_count":3,"request_count":1,"received_data":186119,"sent_data":410,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"nrs6ffl9w.com","ip":{"addr":"212.117.190.210","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2024-05-10","domain_rank":166342,"first_seen":"2024-05-10T16:57:14Z","last_seen":"2025-11-02T19:19:48.471486Z","alert_count":0,"request_count":4,"received_data":161743,"sent_data":2921,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"s.magsrv.com","ip":{"addr":"95.211.229.246","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-08-01","domain_rank":47665,"first_seen":"2023-08-04T12:48:00Z","last_seen":"2025-11-24T07:17:08.692206Z","alert_count":1,"request_count":1,"received_data":14460,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"u3y8v8u4.aucdn.net","ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2022-06-27","domain_rank":57444,"first_seen":"2022-08-08T13:30:47Z","last_seen":"2025-11-24T18:55:30.947156Z","alert_count":1,"request_count":1,"received_data":4719194,"sent_data":545,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"pornxp.one/yall-2.2.1.min.js","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"5a31a632c9dea39104896a277861699d","sha1":"ed6b7f0e9264e057880332d5815f984dd27e9258","sha256":"4a343084a2fc2a420370b7217aacd24aeada2567f1137f74274ed80784ae495f","sha512":"de2ffa78d3b93761e386de2fdd7450c3b3eebf1f46ae100f9e0a8c64a21b7e97ffd1152c47ec889a30abb5eae0abf92560fffa4260a4b00c71150624537c2dc2","ssdeep":"","tlshash":"a86165dd3099b67fbca70673a1373346723a245ab44a04310979b2c96dbc8de962748e","size":3216,"data":"","first_seen":"2023-03-09T21:20:37Z","last_seen":"2026-05-24T21:24:07.336378Z","times_seen":224,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/jquery-3.3.1.min.js","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-27T18:07:57.456452Z","times_seen":131279,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"27cdf916776d712b1c812a8676529d6a","sha1":"8b73cb940b8e12027216ea42682d69075a3d01be","sha256":"58e86972f34a89771ae3cafc93a92345e22d613ef9c84308f5acb76672e3259c","sha512":"ff5ac553c3292a896e5f3e5e86ceab3e7d0ffa799ffbeda9370be5e2fd2869351f8f5929f2b7107416ebe6b8e0c045b715f6d75b6e86dca45434a7c906838b55","ssdeep":"","tlshash":"799002728b162d710255c625129cf7511fb9505310815412541444499cccb4540b58a6","size":52,"data":"","first_seen":"2023-03-09T14:28:16Z","last_seen":"2026-05-24T21:24:07.35217Z","times_seen":227,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"dcbe8d95a377293d67bfe5087ac2f35c","sha1":"112b467c9777853e344de70f338fc4e2cb5dcfec","sha256":"c8c019d2094cd223ca7873817efe9d3f41cbd5e2a806c89b9e38b9775b12024a","sha512":"28a664e46986e9e1b05670653a8c48a7c5f1333797f64cb65ac2b3bfc3d229c960082a125282ee050eef59a2a189aedba00c5d1f1c335deae1022bc95f71a581","ssdeep":"192:d4429H2aHPngRwtKIqcTzgJJW1sTSH5GfXVJAnI0oiGwmoxrPzJ9f5tlrhGOFaC3:dJYngRbIqcTzgJJW1ASH5GfVJAnIxiGA","tlshash":"754285903fd0790e23a78f75723bb5daf56e1c5a6549480bd109fcc0399a62bf9e1831","size":12192,"data":"","first_seen":"2024-08-19T17:02:03.842603Z","last_seen":"2025-11-30T12:42:10.348273Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/2.js","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2869bf0894a1a562221004f90eb219d","sha1":"f3641ce22f1ed44ad224fa0fbf1941e9327e1d19","sha256":"2b846d134d92f1642bdd22c7ee992c850b1dfaaed3dc8ee761368e7a58e66a11","sha512":"a11fee638479e2a42a9d75263afbaa3132d14ccd9662272dc22a2662546813122c67cf21df6a35d69146ed585e7f760bffd995ac8f17cca7d73721319b049d57","ssdeep":"96:axwPwGVBe7Sk1UqNvHiyokIzyogSIuFTVX4jVDR+:aGNngHoYo/FTVX4xDo","tlshash":"26a1a375335e504e81ab3390417b9608e93ce131d2e21ad8feaa6618d4d846807fffbc","size":4885,"data":"","first_seen":"2023-06-18T21:49:57Z","last_seen":"2026-05-24T21:24:07.348619Z","times_seen":203,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nrs6ffl9w.com/aas/r45d/vki/1942429/ecec41ac.js","fqdn":"nrs6ffl9w.com","domain":"nrs6ffl9w.com","tld":"com"},"ip":{"addr":"212.117.190.210","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"768cb3c6da14c5dafee604eba48a7bfb","sha1":"c0012bdbcb525d5317a691c304b2bf3e8fb88c1e","sha256":"f13b1748fdde708715e4a044945b808e9aefada5e5202597949492c4bafa3076","sha512":"fb2ee2d38440dd5141fce87835bbd9438cdbf0db0cde0a4c42d16fe3275e030d5e6403cd9b6a7e25a11a0f37f390ae217da902a6ec078eddd7e13ac9ecf3663f","ssdeep":"1536:ihm/h+NvH4zbefwuyzXnxscrHkBOQTUOEmpGIxiExSkGUU7uXLJt7mMoIaNE2nja:iLJRXrsmp2kfmMyNEeG","tlshash":"a7e3858ea6ca61351273a02e042b3e37667d9cd1bccf0401d077d98e597684bd7b2bb9","size":154131,"data":"","first_seen":"2025-11-30T12:42:10.324059Z","last_seen":"2025-11-30T12:42:10.324059Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nrs6ffl9w.com/get/1942429?zoneid=1942429\u0026jp=_clngmwcsblahlnlbavybin\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.642\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=y6g4OQpQqCqP8WqrIc25C\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=c5moAavaHR0cHM6Ly9wb3JueHAub25lLw\u0026afid=8559887999457280\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=722\u0026rlp=%5B0%2C14%2C113%2C72%2C498%2C829%2C345%2C712%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0","fqdn":"nrs6ffl9w.com","domain":"nrs6ffl9w.com","tld":"com"},"ip":{"addr":"212.117.190.210","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c06b3d2811ea2fab9e86b587631579b","sha1":"dabfa32fcd7e3df0dd5cfb9cc07f55504ac8a9c3","sha256":"d62cd841c4665392370c89017381aa3fb5dfe1dbe73a7be70a2ebbe9fe3e247c","sha512":"8b25d8388838c55d6d9df67177290063f0a2e72f887186600a8571befd97c80e368093806bb53dfa27e5e1eb1f6c8850865c787b190ebab705f9905091b22fc7","ssdeep":"","tlshash":"386130e010c9a780b5177e0bc4b50c7e7f1bb4a59d8ea564bc40de593e044fea2d5c98","size":3209,"data":"","first_seen":"2025-11-30T12:42:10.294398Z","last_seen":"2025-11-30T12:42:10.294398Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"590c9ad314280a92731db25271ef39ee","sha1":"9a8cab65a9b186405cca4b9c0c805f9bbee60501","sha256":"1f2e73922c1fe44a5f33954223c169cb2a8191a1889de8e48a9a5495d332c6d4","sha512":"7d99f02c71db65c2c5a4f63715d6905d6fc587ea549a5f65f0f06f791a2c6c2b5e2aa499fa780cfe96bd9dd70e1be95115f61b945fca86527c4ecbffcae0639e","ssdeep":"","tlshash":"31b0120bc8a8a46b192070764c83031512cf4644625131d503f5530040e3838634fc02","size":95,"data":"","first_seen":"2023-03-09T21:20:37Z","last_seen":"2026-05-24T21:24:07.352758Z","times_seen":202,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"4440a74d0856fbc5525e4b574c565998","sha1":"92458ede97f01365a25993d70b80e11b0ef26d77","sha256":"6f4e087f57b5d5942374b58814e5fa6f6d1445b27db58fa75a08750675e62187","sha512":"7c0dde1adaaf3b1c56abf9f5b3069b77d127a2c1af1ccf49c3de07e94b75350bc3babd138aef2acdce6ffe90edee3fb597ee97d4fbd2c3bcaf369d4201fbbde9","ssdeep":"","tlshash":"ced02b2eb815a524511778f2bd3ed81cb40a505cb5449445054bd424e671eff4c4eccd","size":274,"data":"","first_seen":"2024-06-16T12:16:45Z","last_seen":"2026-04-23T20:30:09.329311Z","times_seen":82,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"d92a5f5aaa5cb972e18a3886a9838952","sha1":"88a90b4969cdb377be11e515f53ed8af720ba149","sha256":"563ff9e65da46f4d8fdb1517f3c1dce9e63f9f16391d1b2f0bf7c15c33e6df68","sha512":"9e24fdc7c05d6f7cb273cc31dbf326186134c4ad5950a55ff09354c0fe7ad6e41e8b1183eb483f9f0de6e7d5ff2aa73cf82d3c3fbc572317dd70005f1c5917d9","ssdeep":"3072:5B3fUg+28VOk2DG2gjKzElwnRlqI1fsBHisGEolY4o/CXMXpo:D7+28VOk2621ElwnRjfs4s7hpo","tlshash":"00045c993792307441d3a11da9ff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185607,"data":"","first_seen":"2025-11-25T14:43:10.663757Z","last_seen":"2025-12-02T09:18:34.719134Z","times_seen":264,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ii.pornxp.tv/2552541264296.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.102Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /2552541264296.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 24380\r\nlast-modified: Sat, 29 Nov 2025 21:11:07 GMT\r\netag: \"692b616b-5f3c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24380,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"e48ccdad082b64109032b0d1772235a5","sha1":"30a7baa507822bb013c9e8960c8b863c067f0fd1","sha256":"03a2789c0881f48733343b24778955ffd483368f2e923ad72ef899d033361570","sha512":"dde35e291198fb3e554b7620f38c8fae7cbec73f4997fc80eab57bbbd95690f10d5073706adead2828502bee963ccd58bef1cfd1eba1b45edcd5584278ab2eae","ssdeep":"384:9f0R6WDv9Z9GWUkZsutZIX8CKrdjiSnSgv0f22QS8J/pmc3DRHluPqK7DDH:2R6u9Z9+kX+83rJiSSgGQz/7QPqqj","tlshash":"b3b2d07c1f300a777d6cd1326354a62cdd5a970f17486e1f4413aad227e8ad18a9bd13","first_seen":"2025-11-30T12:42:10.283122Z","last_seen":"2025-11-30T12:42:10.283122Z","times_seen":1,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/2.js","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pornxp.one","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 06:39:13 GMT","end":"Tue, 30 Dec 2025 06:39:12 GMT"},"fingerprint":{"sha1":"D8:50:BC:ED:12:4B:1A:AD:B1:AF:DE:04:79:9D:D1:44:94:BE:7E:CF","sha256":"E6:12:03:C3:DC:32:DD:60:78:64:68:5A:19:DA:64:3B:91:2B:7F:C9:63:C1:22:C5:47:1A:12:01:5C:2A:53:8A"}}},"request":{"raw":"GET /2.js HTTP/1.1\r\nHost: pornxp.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pornxp.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Sun, 05 Feb 2023 13:21:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63dfad5d-1315\"\r\nreferrer-policy: unsafe-url\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4885,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"d2869bf0894a1a562221004f90eb219d","sha1":"f3641ce22f1ed44ad224fa0fbf1941e9327e1d19","sha256":"2b846d134d92f1642bdd22c7ee992c850b1dfaaed3dc8ee761368e7a58e66a11","sha512":"a11fee638479e2a42a9d75263afbaa3132d14ccd9662272dc22a2662546813122c67cf21df6a35d69146ed585e7f760bffd995ac8f17cca7d73721319b049d57","ssdeep":"96:axwPwGVBe7Sk1UqNvHiyokIzyogSIuFTVX4jVDR+:aGNngHoYo/FTVX4xDo","tlshash":"26a1a375335e504e81ab3390417b9608e93ce131d2e21ad8feaa6618d4d846807fffbc","first_seen":"2023-06-18T21:49:57Z","last_seen":"2026-05-24T21:24:07.348619Z","times_seen":203,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/logo2.png","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pornxp.one","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 06:39:13 GMT","end":"Tue, 30 Dec 2025 06:39:12 GMT"},"fingerprint":{"sha1":"D8:50:BC:ED:12:4B:1A:AD:B1:AF:DE:04:79:9D:D1:44:94:BE:7E:CF","sha256":"E6:12:03:C3:DC:32:DD:60:78:64:68:5A:19:DA:64:3B:91:2B:7F:C9:63:C1:22:C5:47:1A:12:01:5C:2A:53:8A"}}},"request":{"raw":"GET /logo2.png HTTP/1.1\r\nHost: pornxp.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pornxp.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 8757\r\nlast-modified: Fri, 03 Feb 2023 10:29:09 GMT\r\netag: \"63dce1f5-2235\"\r\nreferrer-policy: unsafe-url\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8757,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 477 x 80, 8-bit colormap, non-interlaced","md5":"80153ece7afdbed5fdb8616d0f3fc1cd","sha1":"58a4db8d214ad610b61f781a0e993a24e495a447","sha256":"dc936b37326639ee2984f578f2ad056bb08837f0d945e04913951635b4ac7af2","sha512":"d2bdc9ba30da28f8ebd4785e3d6aefe6dba365458c56ace94f7a64cc092eb25c2a815651343fe9039db85ed9fabb6ed6652a0742bbfc57832f689754fc76e9f0","ssdeep":"192:TVxRcrQh7PcGHVoMF6fxStjvCnodeJ5QS2WEXso9ckI11mmM:xJFcG1ixStIod65QS2WEcwmM","tlshash":"34029ff17272fe9650367557553cc6ea8b0a2df747024cb320cfb2b996f720082a06d9","first_seen":"2023-06-18T21:49:57Z","last_seen":"2026-01-30T07:20:15.147302Z","times_seen":153,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/3907261764560.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /3907261764560.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20538\r\nlast-modified: Sun, 30 Nov 2025 07:42:01 GMT\r\netag: \"692bf549-503a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20538,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"d9f9a1a1c6b92d33e52b020aa92117b2","sha1":"bd70637cdc58e258c45e560ce40ca8094aec6a8d","sha256":"97b9bad8ee9f4cef9afd58bfd3989f4c8ed52cfcae4d4b3005c7a43f93949340","sha512":"32ca725e326543edef0d086bb29f8184f5ea7493c6b080d00fee869ccc618237bf065b186f268f61f2000c663d6ac2b358ece9e1a463f4c854bc7f61b4c284fd","ssdeep":"384:u4Hna1O464SSAzSqPCkEg+xoXE1dyWX091m/FAeQDkKjVwFib+XZlYbI:tH8SzSsEg+xoXE1sWX0vm+P51yyI","tlshash":"6d92e0a2b6725dad9fd3ba2becef2300d0d947b1ddc8536d10ef6a84112424917f6810","first_seen":"2025-11-30T12:42:10.290836Z","last_seen":"2025-11-30T12:42:10.290836Z","times_seen":1,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":54,"dns":10,"connect":14,"send":0,"wait":14,"receive":14,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: application/javascript\r\netag: W/\"88a90b4969cdb377be11e515f53\"\r\nexpires: Thu, 27 Nov 2025 18:26:16 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3hwMAAAwBuUwKDAH3BAAAAAwBw7WvFwG3GQAAAA\r\nx-77-nzt-ray: 2a494a1568370e82ab3b2c6937b6b62a\r\nx-77-cache: HIT\r\nx-77-age: 903\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185607,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39248)","md5":"d92a5f5aaa5cb972e18a3886a9838952","sha1":"88a90b4969cdb377be11e515f53ed8af720ba149","sha256":"563ff9e65da46f4d8fdb1517f3c1dce9e63f9f16391d1b2f0bf7c15c33e6df68","sha512":"9e24fdc7c05d6f7cb273cc31dbf326186134c4ad5950a55ff09354c0fe7ad6e41e8b1183eb483f9f0de6e7d5ff2aa73cf82d3c3fbc572317dd70005f1c5917d9","ssdeep":"3072:5B3fUg+28VOk2DG2gjKzElwnRlqI1fsBHisGEolY4o/CXMXpo:D7+28VOk2621ElwnRjfs4s7hpo","tlshash":"00045c993792307441d3a11da9ff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-11-25T14:43:10.663757Z","last_seen":"2025-12-02T09:18:34.719134Z","times_seen":264,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":43,"dns":19,"connect":4,"send":0,"wait":9,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nrs6ffl9w.com/get/1942429?zoneid=1942429\u0026jp=_clngmwcsblahlnlbavybin\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.642\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=y6g4OQpQqCqP8WqrIc25C\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=c5moAavaHR0cHM6Ly9wb3JueHAub25lLw\u0026afid=8559887999457280\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=722\u0026rlp=%5B0%2C14%2C113%2C72%2C498%2C829%2C345%2C712%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0","fqdn":"nrs6ffl9w.com","domain":"nrs6ffl9w.com","tld":"com"},"ip":{"addr":"212.117.190.210","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nrs6ffl9w.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 22:22:36 GMT","end":"Fri, 23 Jan 2026 22:22:35 GMT"},"fingerprint":{"sha1":"78:6D:D5:0B:83:C1:7C:B2:BF:C2:F3:03:37:9D:83:33:00:E3:DB:D6","sha256":"68:06:51:46:2D:42:77:AB:D5:B3:3B:C7:F9:15:2A:E3:D0:6C:B7:28:4F:50:D9:FD:43:18:62:C3:A0:E2:5F:06"}}},"request":{"raw":"GET /get/1942429?zoneid=1942429\u0026jp=_clngmwcsblahlnlbavybin\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.642\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=y6g4OQpQqCqP8WqrIc25C\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=c5moAavaHR0cHM6Ly9wb3JueHAub25lLw\u0026afid=8559887999457280\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=722\u0026rlp=%5B0%2C14%2C113%2C72%2C498%2C829%2C345%2C712%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0 HTTP/1.1\r\nHost: nrs6ffl9w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nx-route-id: config\r\nset-cookie: CHCK=1; Path=/; Expires=Sun, 03 Jan 2027 12:41:43 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Sun, 03 Jan 2027 12:41:43 GMT; Secure; SameSite=None\nUID=2511300741c8f48faa7308444b9a69f31c78; Path=/; Expires=Sun, 03 Jan 2027 12:41:43 GMT; Secure; SameSite=None\r\ncontent-encoding: gzip\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3209,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (3209), with no line terminators","md5":"4c06b3d2811ea2fab9e86b587631579b","sha1":"dabfa32fcd7e3df0dd5cfb9cc07f55504ac8a9c3","sha256":"d62cd841c4665392370c89017381aa3fb5dfe1dbe73a7be70a2ebbe9fe3e247c","sha512":"8b25d8388838c55d6d9df67177290063f0a2e72f887186600a8571befd97c80e368093806bb53dfa27e5e1eb1f6c8850865c787b190ebab705f9905091b22fc7","ssdeep":"","tlshash":"386130e010c9a780b5177e0bc4b50c7e7f1bb4a59d8ea564bc40de593e044fea2d5c98","first_seen":"2025-11-30T12:42:10.294398Z","last_seen":"2025-11-30T12:42:10.294398Z","times_seen":1,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-30T12:41:42.239Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pornxp.one","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 06:39:13 GMT","end":"Tue, 30 Dec 2025 06:39:12 GMT"},"fingerprint":{"sha1":"D8:50:BC:ED:12:4B:1A:AD:B1:AF:DE:04:79:9D:D1:44:94:BE:7E:CF","sha256":"E6:12:03:C3:DC:32:DD:60:78:64:68:5A:19:DA:64:3B:91:2B:7F:C9:63:C1:22:C5:47:1A:12:01:5C:2A:53:8A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pornxp.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nreferrer-policy: unsafe-url\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":45530,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (45001)","md5":"d18deecb3035ac3e89571cd426b1704d","sha1":"fb1adc02246f9ba93dd86d6858fde4a82f78a48f","sha256":"cbcff7e7717fd1bbde9583e2fd15f6a8e29f6f8758f8150c13e70c8eb5329acc","sha512":"f00d669d22047f311ffa3a1096c1c4275c57dced1714667bac250d3055ca2261110775e70fd41c5210533fb32a5a4bda6c1015a4e0362724e616966d5d647870","ssdeep":"768:FxdgUnfKbYTnfHFDnX8KjvvvgJdNPn88xRwvB0ySUr0gOM8h6AKDcxo0JYngRsqP:FxdgUnfXTnfHFDX8Kjvv0nPn88xRwvB+","tlshash":"681343311685a43e037327957363b26ee147a2bbcb030f15a269dbc3cfc6e65d8a4476","first_seen":"2025-11-30T12:42:10.296775Z","last_seen":"2025-11-30T12:42:10.296775Z","times_seen":1,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":64,"dns":6,"connect":17,"send":0,"wait":51,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/images/fluid_spinner.svg","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pornxp.one","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 06:39:13 GMT","end":"Tue, 30 Dec 2025 06:39:12 GMT"},"fingerprint":{"sha1":"D8:50:BC:ED:12:4B:1A:AD:B1:AF:DE:04:79:9D:D1:44:94:BE:7E:CF","sha256":"E6:12:03:C3:DC:32:DD:60:78:64:68:5A:19:DA:64:3B:91:2B:7F:C9:63:C1:22:C5:47:1A:12:01:5C:2A:53:8A"}}},"request":{"raw":"GET /images/fluid_spinner.svg HTTP/1.1\r\nHost: pornxp.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pornxp.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 524\r\nlast-modified: Tue, 19 Jun 2018 16:14:22 GMT\r\netag: \"5b292bde-20c\"\r\nreferrer-policy: unsafe-url\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":524,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4d3a5a20cbed50d03c706a5d9932cc38","sha1":"6f290bd24997652dca26a9cc9997c5641572c46c","sha256":"34ce60428c44281f2105bb322cf052f482cb453076cd13fd344eabb748bff38d","sha512":"b1e4a0857ffc05afeea0031eb85436e480765e2400bcfc8ea4be085d93de21fbd6e9662ed6441db416f1a2448e50183a34bae3077aa3d98e0cbe69f3b869bf94","ssdeep":"","tlshash":"40f0c034c5649c5f63068a90d3cc4c08165cd7c2510180feba4c69376f58e9eec5794e","first_seen":"2023-05-21T12:54:22Z","last_seen":"2026-05-24T21:24:07.305603Z","times_seen":238,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/2417609164189.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /2417609164189.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 38066\r\nlast-modified: Sun, 30 Nov 2025 09:14:53 GMT\r\netag: \"692c0b0d-94b2\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38066,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"6768688d33a6c944daec23476a11bd7a","sha1":"659c258bec9077f7cf0e2448359f829ed29d76be","sha256":"7dd4b47c983288cc9c7c138e25e3957acba984780280c8468eed2dd36ce7101a","sha512":"9be56f7848de9314ac4c49962cc2073465f04a55072bd3237f086446ea98a031edd7cc755819a25b7cba6e9f6097bbabb38f7a781c70f0a8bde3c29a96f64291","ssdeep":"768:bpXjZsScButIit7kUV8Mi7fdZvj1ywYi8EJvPlYk/ph7AElmMmB:bgIVI7vj1qHEJvPlYkrLZa","tlshash":"4603f2e9da815f7fe53cf561ba451ff61b8cea14c98e00c0a2d9eaff131419b66111b0","first_seen":"2025-11-30T12:42:10.300391Z","last_seen":"2025-11-30T12:42:10.300391Z","times_seen":1,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/9070754564400.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /9070754564400.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14406\r\nlast-modified: Sat, 29 Nov 2025 21:04:41 GMT\r\netag: \"692b5fe9-3846\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14406,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"9aa62fd254230c364266b7bc0ef32180","sha1":"e8436d4fe85898dc9c54ed41ae06ea1a4ba97a90","sha256":"18294dd2e9f6e45ae287b2196d2c6e60ec1e186efc9e64225812ffaed2afb229","sha512":"6a84a43a71c6af0005d05538e7431a78e625bbbe8558c9dcfb91c8a22ead4307d0d33e3e1b2d556bc3798387f3c23c9233ad3024cedbfa77ec4d8eeeeaf2be2a","ssdeep":"192:SKcG+rFQQ4vx7CkWL2ac3r5Z06XFCLXCFa49+2Wp2ef6Q9kBbzpBPtbYmw:GXOV+k08r5X8LSEC+SeiT5z3VbBw","tlshash":"8952c0d32bb942a2b14085154ec5c529f313c9fd8623d7648aa333d4ef7a0c7597922b","first_seen":"2025-11-30T12:42:10.302303Z","last_seen":"2025-11-30T12:42:10.302303Z","times_seen":1,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/1083262364980.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /1083262364980.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18273\r\nlast-modified: Sat, 29 Nov 2025 21:57:29 GMT\r\netag: \"692b6c49-4761\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18273,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"4db9d502b7aa2a086e051f69c6d07868","sha1":"bca805accccba18b79941304472cbc221f693108","sha256":"c8f5b8b4031d145f3939cfe31f06bd28f59a7645e5485e7aee91ebae625f2bc4","sha512":"03ab9c1fa0fc54c483c3f01e309aaf585f74e8cb2747c622f16bda49ddb4be6513dcd56874a23f013ce70c5b66ac35aca05d79b517b2733b13c033d347d198ca","ssdeep":"384:qj3hIVQ9okh+y974+ZucbgNvrpyOAjuP6zEwa3qmHwaI4mgKXCHFF8v15uU6:ei8oJEzucENj5nPwoBHJigKXC721Q3","tlshash":"9682d027e5c3e6b197d1902a0b7fb3d66db7d573a0cbad97758a138031588c71090736","first_seen":"2025-11-30T12:42:10.304614Z","last_seen":"2025-11-30T12:42:10.304614Z","times_seen":1,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nrs6ffl9w.com/solid.gif?z=1942429\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.642\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=y6g4OQpQqCqP8WqrIc25C\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=c5moAavaHR0cHM6Ly9wb3JueHAub25lLw\u0026afid=8559887999457280\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=722\u0026rlp=%5B0%2C14%2C113%2C72%2C498%2C829%2C345%2C712%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5","fqdn":"nrs6ffl9w.com","domain":"nrs6ffl9w.com","tld":"com"},"ip":{"addr":"212.117.190.210","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nrs6ffl9w.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 22:22:36 GMT","end":"Fri, 23 Jan 2026 22:22:35 GMT"},"fingerprint":{"sha1":"78:6D:D5:0B:83:C1:7C:B2:BF:C2:F3:03:37:9D:83:33:00:E3:DB:D6","sha256":"68:06:51:46:2D:42:77:AB:D5:B3:3B:C7:F9:15:2A:E3:D0:6C:B7:28:4F:50:D9:FD:43:18:62:C3:A0:E2:5F:06"}}},"request":{"raw":"POST /solid.gif?z=1942429\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.642\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=y6g4OQpQqCqP8WqrIc25C\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=c5moAavaHR0cHM6Ly9wb3JueHAub25lLw\u0026afid=8559887999457280\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=722\u0026rlp=%5B0%2C14%2C113%2C72%2C498%2C829%2C345%2C712%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5 HTTP/1.1\r\nHost: nrs6ffl9w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pornxp.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-route-id: stats.tag.loaded\r\nset-cookie: CHCK=1; Path=/; Expires=Sun, 03 Jan 2027 12:41:43 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Sun, 03 Jan 2027 12:41:43 GMT; Secure; SameSite=None\nUID=2511300741069d3d7df2404084a71994811a; Path=/; Expires=Sun, 03 Jan 2027 12:41:43 GMT; Secure; SameSite=None\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"28e463819a210071de3b45ebe7633613","sha1":"6dccd571828ec0912629119cf7eabfea9f33ddbc","sha256":"44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84","sha512":"8a82ac5a7883cd9b74bdb561cf825ce86474e259ad8c445e538d697b0003e3f2b1d6edcd3dc6512f4ad16e9074da204a79938257c457ecf68f4329eac0182e67","ssdeep":"","tlshash":"04900003e280e082c3a0c0300e0ccb802b88a2308a28030fb0fc2baefc3a3a20c23000","first_seen":"2023-04-05T09:26:54Z","last_seen":"2026-05-27T16:19:26.538739Z","times_seen":21915,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/41018469641428.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /41018469641428.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20447\r\nlast-modified: Sat, 29 Nov 2025 21:25:17 GMT\r\netag: \"692b64bd-4fdf\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20447,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"5d0a8f19e3bc1e44fecb58a5b9cfe4ca","sha1":"bd800ebc5a1b6ed09964dd91fd702d65ed41f961","sha256":"fca3e704aa75fda53325ae5bd8a69274a53e34c51b618428aae33ba77bf94e75","sha512":"63a5bd06fa3292417d39bc8bc5a031d552ec52c267b5d4d7d46b030714085c04a79cdfa08ba5d5ec310eb4c8680438b84417e6d14601b7a36bf0697ce3ce44e4","ssdeep":"384:PgWXKPl98yJHVbUKE5CvpLgbFUA75r+Gh9aTFjPdA7w8dGbUk:6xHVgKEQgbKWPaT5d0yUk","tlshash":"aa92d152bdb580586c429df1071afdfee7a155bea211cf12c81bc6588feb1c35311ae2","first_seen":"2025-11-30T12:42:10.307799Z","last_seen":"2025-11-30T12:42:10.307799Z","times_seen":1,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/1608652564481.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /1608652564481.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 25398\r\nlast-modified: Sat, 29 Nov 2025 20:11:48 GMT\r\netag: \"692b5384-6336\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25398,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"5c52698b03c73963f7506bf17d24b439","sha1":"13fcce74265e389d3ca49b5deed8a770a8bea1c2","sha256":"455787e3235242745e300876c7918e537d105632e3ac8c48e25ec86b6acd874e","sha512":"698aab129dc8b2c7bf459515bcc64c21f8a303ab65f0c6967fcc60d9181deab2b2c022e4c5222c222addaee2b0d705b4a83e4291dd2e66baad92ba95430b6f39","ssdeep":"768:Gush8SPP8ber/idZcymYYysQjR1GY2Acqox:Gush1C8/YZbmYiMbGY2AKx","tlshash":"32b2f17d92379f002a07a2e65c2c86d86ec0e575acba8f51aa5bfa4d0892bf1401f547","first_seen":"2025-11-30T12:42:10.309852Z","last_seen":"2025-11-30T12:42:10.309852Z","times_seen":1,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.246","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 398\r\nOrigin: https://pornxp.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":398,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://pornxp.one/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{},\"id\":5316548,\"extra_params\":{\"first_request\":true,\"zone_type\":31}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 30 Nov 2025 12:41:43 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://pornxp.one\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22895cdf76ffd3070c1d42bb92797bb566%22%3B; expires=Tue, 30 Nov 2027 12:41:43 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13888,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"517c3ca7a30c3325e152e62701a70218","sha1":"9c0347f230d2a7f2e225ecd8ad30eb67303cf4fa","sha256":"49cb13ce8656373442b6aaf25a6f470038950eaff84faa84233703388439743a","sha512":"bbe25abde74f9ff5e636db14f97619dbe77bb30b65c37a8259c59bb1d51314da55d1c7d20d2742e4e3227b82a5d975ef95e74536cfd80c5365b24071ab9ee7b7","ssdeep":"384:GiFGV74WMiFGV7yiFGV7XiFGV75iFGV7AiFGVIhnzz3F:P08W50n0Q020Z0uf3F","tlshash":"53520a34b049c11f6a99c5f546032adeda855f2d8985cfebeac408343cf187f7659632","first_seen":"2025-11-30T12:42:10.311992Z","last_seen":"2025-11-30T12:42:10.311992Z","times_seen":1,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":39,"dns":0,"connect":27,"send":0,"wait":56,"receive":1,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/3026760464462.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /3026760464462.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17804\r\nlast-modified: Sun, 30 Nov 2025 08:31:47 GMT\r\netag: \"692c00f3-458c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17804,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"2c2dc8e599a606c9026a3a531ccaf86b","sha1":"503a36c225ae84ae323e0216be0bc2019f80f5a0","sha256":"240e1d4012a1e86c824fb58887a0d47cc227dfaecff7ccba524c51245d208c75","sha512":"bc7faf0ef8c4396202b768a52865ee9a3889861b3262b8b381ae074c592341da0914232919ab918439a7f7cd2c9714fa6bcb78e6e017d60d7a8a4e255dafce5f","ssdeep":"384:ckznb1+78aWYyDqBa+vafNDtUEjjgpzGwok9F2wibvG8Qt:R1XDhDqQ+mD98GwokT2ww/Qt","tlshash":"fe82e0c33a0957a2df8be0c8d84aeca27ef4d6a07d903d6a4ab339315574e56d10284b","first_seen":"2025-11-30T12:42:10.313745Z","last_seen":"2025-11-30T12:42:10.313745Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/54967315642093.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /54967315642093.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 21425\r\nlast-modified: Sun, 30 Nov 2025 08:02:01 GMT\r\netag: \"692bf9f9-53b1\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21425,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 639x640, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"4b83015ce6d03264637024ee78f29483","sha1":"6967a8c29c10db8acf98e4fc028ce2c767b3c87a","sha256":"05715185cf5defa9b2f83d7189579bfdb82cd6bb82c7b0e6133b93df29889640","sha512":"5372f3194ec858605dd6452c02cf1ff7673fdaea3f1e0e4ab603d9a6f47e85977e5092b09685a85a860aee9a59a542290ca2435a1950b342dd68346157aaa3cf","ssdeep":"384:Z+G9Iw1+6kfKVYd5s7Rc1NxJNLZfcG8TC+w4iAkZUYV7t+CYZKZJrgUbSXwt3Wne:l9Iw1+6kfKad5s7RAXfcG8Tdw4eZt/+U","tlshash":"bea2e0b518a59623f33015fcc91600e74da132521174eb3f4bdfe8fe6878b2a3b4a15a","first_seen":"2025-11-30T12:42:10.315661Z","last_seen":"2025-11-30T12:42:10.315661Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/58517900643040.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /58517900643040.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20013\r\nlast-modified: Sat, 29 Nov 2025 21:46:28 GMT\r\netag: \"692b69b4-4e2d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20013,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"c54b5772ea8a5a4d04712048f55546ab","sha1":"a112a1a37e7b5549e7235cb8fb3091621e2a3e36","sha256":"b3ed9c19ad2bb34be6f901420503fb9815e044e2e814d154ac0f3a1b58fed05f","sha512":"13e4d0a4f25b3d4457ec538dddd7317aedc08f3e08e4916de8983d7a881160a53465803dfe3a85fd6607cc34f7836b9239f9a970da16356c364e7ab7c08c7200","ssdeep":"384:XBo3VXHWs1CQQHuwsQCoSRYjbEVkXoufgc0T8z3mUyv5AMAFvrK35Ik+J8HOa58v:XSHj1CAECpYjP4uILTW2zvNAFvrK35I5","tlshash":"c092d19e4dc61f58e0806ff22a36bd3e67ead70f815da381547b6c504295c3ce6a3285","first_seen":"2025-11-30T12:42:10.318309Z","last_seen":"2025-11-30T12:42:10.318309Z","times_seen":1,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/favicon.png","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pornxp.one","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 06:39:13 GMT","end":"Tue, 30 Dec 2025 06:39:12 GMT"},"fingerprint":{"sha1":"D8:50:BC:ED:12:4B:1A:AD:B1:AF:DE:04:79:9D:D1:44:94:BE:7E:CF","sha256":"E6:12:03:C3:DC:32:DD:60:78:64:68:5A:19:DA:64:3B:91:2B:7F:C9:63:C1:22:C5:47:1A:12:01:5C:2A:53:8A"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: pornxp.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pornxp.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 5418\r\nlast-modified: Thu, 05 Jul 2018 15:45:08 GMT\r\netag: \"5b3e3d04-152a\"\r\nreferrer-policy: unsafe-url\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5418,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit colormap, non-interlaced","md5":"9aef0e34db77d26f58ecfa4f218d96e4","sha1":"591c73f7e650d9259aa27bb05d2fec597fa9f3de","sha256":"d01f788f16e7baebb4198c40f73d88950168c56c5cab8c6782251e92180b78e2","sha512":"0b5baef724dcfc6165f16d9aad74efd4c6b8e8884b7fd0432bbcdd7490e091494e5b618a812ee5736a6f54304c70af470d9eeec8dfb2e4ddc9fc2111641a1299","ssdeep":"96:ye6VkuvMg+683fJjRKkekOquex6vvaSLMYYHYf/pJvmdKbj/Jnuz91OoG:Ok5VhjRK4O+w7LPBJvDbjRnm2L","tlshash":"65b19ef851285681fafe78b443473ae16d02858064c8ec898d3b12213defa6c07dc3db","first_seen":"2023-06-18T21:49:58Z","last_seen":"2026-05-24T21:24:07.345829Z","times_seen":226,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/6845616964638.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /6845616964638.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19013\r\nlast-modified: Sun, 30 Nov 2025 07:49:31 GMT\r\netag: \"692bf70b-4a45\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19013,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"5987ad031322672092569c3834ff3b72","sha1":"dbfb35afa32116ff22791f0fbc52ba5d2ada3d1f","sha256":"76fa9a60eb2da81e6c8c2c3a933c8f14f42915168acd80009bf183baff2e24ce","sha512":"a754f8fdcd263913015615087b1b5d5dee51474e9e18190ce9e9a3c2363afb30c69e2d6f04a76ebdf538298a2cd63afeab31a08f38c135ca0d486ae2427dcdc3","ssdeep":"384:5sbcpsUUfyz2+c5evx4fIJQp0QGMCuDhPcHAi86bCvpoLqkSQ:oca9Zj5evxxQelMpDhU15Ceqk3","tlshash":"bf82d01d2f0871aa7d112eb389bc1e525dd67fca9ca5613f559ec4edd88229c8fa4800","first_seen":"2025-11-30T12:42:10.321919Z","last_seen":"2025-11-30T12:42:10.321919Z","times_seen":1,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":58,"dns":11,"connect":17,"send":0,"wait":24,"receive":13,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nrs6ffl9w.com/aas/r45d/vki/1942429/ecec41ac.js","fqdn":"nrs6ffl9w.com","domain":"nrs6ffl9w.com","tld":"com"},"ip":{"addr":"212.117.190.210","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nrs6ffl9w.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 22:22:36 GMT","end":"Fri, 23 Jan 2026 22:22:35 GMT"},"fingerprint":{"sha1":"78:6D:D5:0B:83:C1:7C:B2:BF:C2:F3:03:37:9D:83:33:00:E3:DB:D6","sha256":"68:06:51:46:2D:42:77:AB:D5:B3:3B:C7:F9:15:2A:E3:D0:6C:B7:28:4F:50:D9:FD:43:18:62:C3:A0:E2:5F:06"}}},"request":{"raw":"GET /aas/r45d/vki/1942429/ecec41ac.js HTTP/1.1\r\nHost: nrs6ffl9w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Wed, 26 Nov 2025 07:39:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6926aece-25ad3\"\r\nx-js-ab2: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":154131,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"768cb3c6da14c5dafee604eba48a7bfb","sha1":"c0012bdbcb525d5317a691c304b2bf3e8fb88c1e","sha256":"f13b1748fdde708715e4a044945b808e9aefada5e5202597949492c4bafa3076","sha512":"fb2ee2d38440dd5141fce87835bbd9438cdbf0db0cde0a4c42d16fe3275e030d5e6403cd9b6a7e25a11a0f37f390ae217da902a6ec078eddd7e13ac9ecf3663f","ssdeep":"1536:ihm/h+NvH4zbefwuyzXnxscrHkBOQTUOEmpGIxiExSkGUU7uXLJt7mMoIaNE2nja:iLJRXrsmp2kfmMyNEeG","tlshash":"a7e3858ea6ca61351273a02e042b3e37667d9cd1bccf0401d077d98e597684bd7b2bb9","first_seen":"2025-11-30T12:42:10.324059Z","last_seen":"2025-11-30T12:42:10.324059Z","times_seen":1,"resource_available":true,"data":null}},"time_used":135,"timings":{"blocked":52,"dns":10,"connect":18,"send":0,"wait":20,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/66993937641458.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /66993937641458.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23028\r\nlast-modified: Sun, 30 Nov 2025 08:38:58 GMT\r\netag: \"692c02a2-59f4\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23028,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"c5b32e9c403946e17fcdc44706ea0982","sha1":"7a8a96b8615bbab281043e13201ff70125707d1f","sha256":"bd206aaa301386ba3eabc83497f4b94e566da8d4bd6bfce8347e8a105626786e","sha512":"0fa0312a8fc4c8268cb8ab46a5e2a40931639702abc03f6bf16bd87612b8e361954080994966315848acd54992de977c9da721932386998a06e6d40e8e318fe9","ssdeep":"384:HPir2QXhMywWeik54RfupeEQ25SDvV8TAnRC1zSP039ZSDSvAO7Lr77g77X14b:vih2WQORfupeQ5SDyEnRcSPAQOvzP/71","tlshash":"22a2f19bc889c3a8bc96cf77daf9b523ebd10b12b03d01454060ab8d9d3ca619757670","first_seen":"2025-11-30T12:42:10.325906Z","last_seen":"2025-11-30T12:42:10.325906Z","times_seen":1,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/2.css","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pornxp.one","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 06:39:13 GMT","end":"Tue, 30 Dec 2025 06:39:12 GMT"},"fingerprint":{"sha1":"D8:50:BC:ED:12:4B:1A:AD:B1:AF:DE:04:79:9D:D1:44:94:BE:7E:CF","sha256":"E6:12:03:C3:DC:32:DD:60:78:64:68:5A:19:DA:64:3B:91:2B:7F:C9:63:C1:22:C5:47:1A:12:01:5C:2A:53:8A"}}},"request":{"raw":"GET /2.css HTTP/1.1\r\nHost: pornxp.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pornxp.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: text/css; charset=utf-8\r\nlast-modified: Sun, 05 Feb 2023 12:53:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63dfa6da-24c7\"\r\nreferrer-policy: unsafe-url\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9415,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"8ec6b41f8fc51b0cc4da7b2c95e473f0","sha1":"92bd45c3617388dbdf05ddb63bb9649f314def79","sha256":"773e22bc5e1eed3aa30cd1d3b40e21168827afcc9d9bb95240dd45344abf0b8d","sha512":"5af61f9ba1b1367ef7500230b5fe0c3fc86161937b45874200bba2a3483c36b90c006db213e6c5df2cd59826b6a0264447e20f150033397d4e365ebd80c70c2a","ssdeep":"192:7qRmgjzuzJMqUAtJVvpv9dVqoIY2N/AEDhAVNW/joFJHrFFQ/C:5UqUAtJVvpv9dVqoIY2NYOqVNW/0FhrT","tlshash":"b912a8b5dd94308da3137b41b7b10779ae7840b9cf4f466ef570a238e3964ad22312c8","first_seen":"2024-08-19T16:16:55.483314Z","last_seen":"2026-05-24T21:24:07.330887Z","times_seen":128,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/search.svg","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pornxp.one","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 06:39:13 GMT","end":"Tue, 30 Dec 2025 06:39:12 GMT"},"fingerprint":{"sha1":"D8:50:BC:ED:12:4B:1A:AD:B1:AF:DE:04:79:9D:D1:44:94:BE:7E:CF","sha256":"E6:12:03:C3:DC:32:DD:60:78:64:68:5A:19:DA:64:3B:91:2B:7F:C9:63:C1:22:C5:47:1A:12:01:5C:2A:53:8A"}}},"request":{"raw":"GET /search.svg HTTP/1.1\r\nHost: pornxp.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pornxp.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 218\r\nlast-modified: Fri, 13 Jul 2018 09:42:37 GMT\r\netag: \"5b48740d-da\"\r\nreferrer-policy: unsafe-url\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":218,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e0cc67ce4a6ccb908511326c6c9b770b","sha1":"a441dcbc07984e8e37d973f5025f2868b583189d","sha256":"67334bf1de1c9ff1d472f2337a8a154c8278cf4c0ff467a6dcd10bcea4754575","sha512":"8ec6bae639e0f2809f82da6b63c916dd2995f5fd5e198a73165cd743151d4c8fec80ce34f9c59923a9f6d7ecf7492907f05b48a5940fbc13fa81b7bc1158d010","ssdeep":"","tlshash":"11d0c939325d983ab755801abb253578016f60f5524d2160bc815831d40698a3c3b1d9","first_seen":"2023-06-18T21:50:02Z","last_seen":"2026-05-24T21:24:07.344451Z","times_seen":192,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nrs6ffl9w.com/check.html","fqdn":"nrs6ffl9w.com","domain":"nrs6ffl9w.com","tld":"com"},"ip":{"addr":"212.117.190.210","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nrs6ffl9w.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 22:22:36 GMT","end":"Fri, 23 Jan 2026 22:22:35 GMT"},"fingerprint":{"sha1":"78:6D:D5:0B:83:C1:7C:B2:BF:C2:F3:03:37:9D:83:33:00:E3:DB:D6","sha256":"68:06:51:46:2D:42:77:AB:D5:B3:3B:C7:F9:15:2A:E3:D0:6C:B7:28:4F:50:D9:FD:43:18:62:C3:A0:E2:5F:06"}}},"request":{"raw":"GET /check.html HTTP/1.1\r\nHost: nrs6ffl9w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Mon, 24 Nov 2025 08:42:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69241a69-39e\"\r\nx-js-ab: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":926,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"088dba8e97eede53134c93219f7ebbae","sha1":"adb707654d1fe0af7d0d7a9f55660d22bd3625e4","sha256":"6da0120b4c7bc45b63fcbb87595c3c1ea2cdca482b0c48d4d2ab434f9e897aff","sha512":"23a1f87731e8aee4658993cd1ce35ec179fea80b89bf52aca7634488f1bdfcf88b9cabca4859481357a9fee06cbb49df64bbe0878b1dae0e5df4fa34003c6d80","ssdeep":"","tlshash":"6211d04934e1684c1127a6301597a2183c32a40315cbd949fb9cd7301f815a7dc596df","first_seen":"2024-11-22T16:59:41.974716Z","last_seen":"2026-03-04T10:11:28.020186Z","times_seen":13721,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/92370164641027.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /92370164641027.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19525\r\nlast-modified: Sun, 30 Nov 2025 08:03:02 GMT\r\netag: \"692bfa36-4c45\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19525,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"876a382f622c78835d401641153a2199","sha1":"c777408284700f090bf1d5476a619854e8af09b8","sha256":"f176503b09a00ccbfef4a8d5a910f5b61663b5e1d36ac3e505a9f03e16bcc22d","sha512":"939423958873af75c58f7accb028e573d13cc37f4f2c6f5efc449ebc654add410d4b795b96fbb3584e1334c5447039d786efb2bcb081a7f982dff0c7cbf5bf83","ssdeep":"384:PDSsouvfCZAXMODTnNDgNANjRJ+zq+w5i/hHHL04Mm0pVB6FK2BK3DsJA9W:PJfCmBPp9b4q+w5qLZEzEKkw3W","tlshash":"3f92f1c3b82d92a0dc4d95b227eb898a50ebd230cc1cf86d144b75e42ea50bf1b5d1da","first_seen":"2025-11-30T12:42:10.33041Z","last_seen":"2025-11-30T12:42:10.33041Z","times_seen":1,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/6870977564437.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /6870977564437.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19019\r\nlast-modified: Sun, 30 Nov 2025 08:42:03 GMT\r\netag: \"692c035b-4a4b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19019,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"bd2575283267a8cfd2f51194d9b0a4e1","sha1":"37deb95805653ea3567fecf5c1854e466acbc1e6","sha256":"fb3ad312605abdf620fd360a005cb4f94e3f8fa6c361883f0971b051022f846a","sha512":"f225938f5bbd52ebc158b0d77354b30521f1c53b2c6e855100b222ec773d9cec35829d44e1a30e211e12bb8c1655b83916104507c108b8a4270f209733dc3380","ssdeep":"384:x+tklMNNBxrdOlNo+9q1lLFPpyg7VuWVl793+XvLUvgXPp4a58v6:xNMPQlNy9PMMuWVR93B0Pp4Y","tlshash":"4d82e1873c49d7f19dda2fda0252efba83dae35c059449db818d57325d09ca380c7963","first_seen":"2025-11-30T12:42:10.332199Z","last_seen":"2025-11-30T12:42:10.332199Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/5136028064638.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /5136028064638.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23507\r\nlast-modified: Sat, 29 Nov 2025 21:07:22 GMT\r\netag: \"692b608a-5bd3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23507,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"ed5bf96b0b4dcfd91dd759abd958466a","sha1":"d8c0ef9f4e25f77ab469f5c3a71612ab32003d27","sha256":"a590ea4e147c3f9648f5654f526fc7387e14d3368a6af84f829443d2ecdeb835","sha512":"07ff1b1b85c73fda86528b0398070b20a582385d5b1a052d0c87361ce4b038b20ad1f352519d74e33fd550f2a45ee66693fa3f30dc35068cb253afb95af47aa6","ssdeep":"384:p7Q3EuWma9JFyTIgYo87ZTAyhuiIKHMp/bkaqU6LYNgE078ureVyL0uQSws:2EuWDSItogZT5YiJsp4azXe78urO3y1","tlshash":"98b2d16201868456ffae2335057cd70d283ce7869a670261b198f926f6b0db4ce53f47","first_seen":"2025-11-30T12:42:10.33419Z","last_seen":"2025-11-30T12:42:10.33419Z","times_seen":1,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/jquery-3.3.1.min.js","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.591Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pornxp.one","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 06:39:13 GMT","end":"Tue, 30 Dec 2025 06:39:12 GMT"},"fingerprint":{"sha1":"D8:50:BC:ED:12:4B:1A:AD:B1:AF:DE:04:79:9D:D1:44:94:BE:7E:CF","sha256":"E6:12:03:C3:DC:32:DD:60:78:64:68:5A:19:DA:64:3B:91:2B:7F:C9:63:C1:22:C5:47:1A:12:01:5C:2A:53:8A"}}},"request":{"raw":"GET /jquery-3.3.1.min.js HTTP/1.1\r\nHost: pornxp.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pornxp.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 06 Jul 2018 18:46:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5b3fb91c-1538f\"\r\nreferrer-policy: unsafe-url\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86927,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-27T18:07:57.456452Z","times_seen":131279,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pornxp.one/yall-2.2.1.min.js","fqdn":"pornxp.one","domain":"pornxp.one","tld":"one"},"ip":{"addr":"45.143.222.234","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:42.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pornxp.one","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 06:39:13 GMT","end":"Tue, 30 Dec 2025 06:39:12 GMT"},"fingerprint":{"sha1":"D8:50:BC:ED:12:4B:1A:AD:B1:AF:DE:04:79:9D:D1:44:94:BE:7E:CF","sha256":"E6:12:03:C3:DC:32:DD:60:78:64:68:5A:19:DA:64:3B:91:2B:7F:C9:63:C1:22:C5:47:1A:12:01:5C:2A:53:8A"}}},"request":{"raw":"GET /yall-2.2.1.min.js HTTP/1.1\r\nHost: pornxp.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pornxp.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:42 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Sat, 26 Jan 2019 18:57:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5c4cadb6-c90\"\r\nreferrer-policy: unsafe-url\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3216,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3216), with no line terminators","md5":"5a31a632c9dea39104896a277861699d","sha1":"ed6b7f0e9264e057880332d5815f984dd27e9258","sha256":"4a343084a2fc2a420370b7217aacd24aeada2567f1137f74274ed80784ae495f","sha512":"de2ffa78d3b93761e386de2fdd7450c3b3eebf1f46ae100f9e0a8c64a21b7e97ffd1152c47ec889a30abb5eae0abf92560fffa4260a4b00c71150624537c2dc2","ssdeep":"","tlshash":"a86165dd3099b67fbca70673a1373346723a245ab44a04310979b2c96dbc8de962748e","first_seen":"2023-03-09T21:20:37Z","last_seen":"2026-05-24T21:24:07.336378Z","times_seen":224,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"pornxp.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/5557145364756.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /5557145364756.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19325\r\nlast-modified: Sun, 30 Nov 2025 09:08:59 GMT\r\netag: \"692c09ab-4b7d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19325,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"b9b011e939b23896973c0e98bddccb5e","sha1":"6267d1a53446c214f8a9fc52dff81c9e55ee69fd","sha256":"7c2c01aed11348ff21e3a4acccd4b2c6ece5bdcb020104d25c5b26c88538051f","sha512":"6b2d8c8651f19bfe86f9dcc84f41a923bbe133a3d9dcf582cde68ce8a941ebb7b89dbb103eb08d03370bcbac2549f278443ea89b45109c69bdb59e9b3154392a","ssdeep":"384:KBqpHvnXxH9yEKwHxoQTcRcWhGdcab2pU67NR2bl0BdQk6II:KBqpHvnf1KwSQsa36JRMaoII","tlshash":"2d92e10bb06ede02e9e11721d715f3ab47665e01e79c2cca870248ecef6aca1558c6f5","first_seen":"2025-11-30T12:42:10.338071Z","last_seen":"2025-11-30T12:42:10.338071Z","times_seen":1,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/3975460864256.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /3975460864256.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18538\r\nlast-modified: Sun, 30 Nov 2025 05:43:26 GMT\r\netag: \"692bd97e-486a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18538,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 640x360, components 3","md5":"ecba38dddf7b48b9cdb5fe0274e21296","sha1":"32b7e2a37a5454bd78607268c6679d5464a39a53","sha256":"8c969e3d77f1b0bf48afd4ac74a243052cddb3cd91ccb158bdafee8fefc257f6","sha512":"603700bbf95d9df9fb17001b85251d5fe9bc5c25321bd152f1d210966cc0815cd59536676cf00716718998e8db9d98a97aece6918a891eabb962f1c677909b4f","ssdeep":"384:m/OOhkQvkU5Jxec1yxQtuibAPTTHIFGyFmXSQPSKHqPC8fXDnK:mB+Yh5n1rtuiUbcFGyQPSgeDe","tlshash":"3782d04b05d769c1dbd05238b237f69b570b5d46baa0c398236a9eb12e7a7324f9204c","first_seen":"2025-11-30T12:42:10.33951Z","last_seen":"2025-11-30T12:42:10.33951Z","times_seen":1,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/9610175764294.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /9610175764294.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20708\r\nlast-modified: Sat, 29 Nov 2025 21:47:05 GMT\r\netag: \"692b69d9-50e4\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20708,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"05ed271fd4d13887165e46e4cd21b253","sha1":"3f3d0a4cc326a111caeab3c19f4296297b6e3f69","sha256":"350a852ed0ffc71c6a83f7676ab6a1654ea6f2d7d671555c8f573dfaba631b50","sha512":"43d664c65795579919fe50c34823cae81dbc5a7b3022468df3ea26929fdbd8014725c748731c6ac0608579193aee7832e679098ded12e79b6ae2206e091ccf76","ssdeep":"384:gwmBDlGKysgitXHlsPKCIfvcs9UYb5YFCPj44N3TZoMIqC4M:gTlGKVltX9cGUYb5YFCPRTZoMi","tlshash":"8e92d1c1f0cfa1c3abadcdea94b056e94c61b96ca2e1114fb59b51d55418e34ffe8808","first_seen":"2025-11-30T12:42:10.341268Z","last_seen":"2025-11-30T12:42:10.341268Z","times_seen":1,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/95481473641204.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /95481473641204.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23619\r\nlast-modified: Sun, 30 Nov 2025 08:45:14 GMT\r\netag: \"692c041a-5c43\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23619,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"d19dc341792e45d22ad767734369df9f","sha1":"d7174b5c24847bee6175cbea2724ed483b6b8d20","sha256":"ac031c611e53aaa5aed4284cd1daa2148df25078a231a7a7ebde8b52a67fa242","sha512":"adf39caf5209a4a779878ac705fb71baa98bd4d7d9ce1ab454751150904d28b7d77ec5ee8e476ee63faf780701264d7fe1c2b6ea33afc6be28e7f327fbc25f2e","ssdeep":"384:+jyp+UzB7iH6DqPV9Sq6lkXL//pxcurPSJWhGJjr23KckGuvvZtn3VEvfd7mqgFc:+9QB7tDiLq0zpJPYWhWjfzllIfd2Vy48","tlshash":"66b2d0154e8eefd48bfaf5f81bb5f3452cfce561a8848dfbc321216f202c965664a508","first_seen":"2025-11-30T12:42:10.343076Z","last_seen":"2025-11-30T12:42:10.343076Z","times_seen":1,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ii.pornxp.tv/93218158642134.jpg","fqdn":"ii.pornxp.tv","domain":"pornxp.tv","tld":"tv"},"ip":{"addr":"77.247.108.13","port":443,"asn":215845,"as":"TechoServers LTD","country":"Belize","country_code":"BZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ii.pornxp.tv","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 16:36:30 GMT","end":"Sat, 31 Jan 2026 16:36:29 GMT"},"fingerprint":{"sha1":"E2:E4:8E:34:81:7D:27:17:02:09:5A:04:D7:27:81:07:9A:2C:F0:F6","sha256":"86:B2:7B:FA:65:09:67:E7:A2:11:63:29:CF:A8:A8:0C:AA:1A:2F:1E:76:75:BE:24:3E:39:64:4C:B4:DB:3B:60"}}},"request":{"raw":"GET /93218158642134.jpg HTTP/1.1\r\nHost: ii.pornxp.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18359\r\nlast-modified: Sun, 30 Nov 2025 09:03:00 GMT\r\netag: \"692c0844-47b7\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18359,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc59.20.100\", baseline, precision 8, 640x360, components 3","md5":"ca530eb5e2498895059c358b01f1c241","sha1":"1d0a5fedf91598af0fdd921df2bf2f28c822b776","sha256":"52a4227cd1234650fc8bef1ad925c0874f5aca1ac0f6506bfdd78c38ddb2d164","sha512":"dcf4a1a4b248a7488b489e3750616fec1db722fa40b49a65b3d61c0cc50e5344121cf12119c8b3819eead81569e2897743a1d4260d39483adaf2c177cba40dfa","ssdeep":"384:sNtAMIL3n6WNlMFVeHHBpRExs3aBD4voHU2b9jqFByS8ZG/V4zMEEd:sNt6LX6elMOHHBpyxs3aBD4vc9+/vWz0","tlshash":"8782d143939cf25cd5727c38d8aaf12423b6aa752d9a15c4dd25f4e462081727f2c9cf","first_seen":"2025-11-30T12:42:10.344679Z","last_seen":"2025-11-30T12:42:10.344679Z","times_seen":1,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u3y8v8u4.aucdn.net/library/934790/5903f0b80e8232855cfb78e515ff5b9fe567a07d.mp4","fqdn":"u3y8v8u4.aucdn.net","domain":"aucdn.net","tld":"net"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://pornxp.one/","date":"2025-11-30T12:41:43.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/934790/5903f0b80e8232855cfb78e515ff5b9fe567a07d.mp4 HTTP/1.1\r\nHost: u3y8v8u4.aucdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pornxp.one/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Sun, 30 Nov 2025 12:41:43 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 6586647\r\nlast-modified: Wed, 29 Oct 2025 10:45:29 GMT\r\netag: \"6901f049-648117\"\r\nexpires: Thu, 29 Oct 2026 12:44:54 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBX63NDQH3UiQqAAwBuUwKCQH3nQIAAAwBJRPCNAG3UggAAA\r\nx-77-nzt-ray: 2a494a15c127f289ac3b2c6997d0c31b\r\nx-77-cache: HIT\r\nx-77-age: 2761810\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\ncontent-range: bytes 0-6586646/6586647\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":4718592,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"860a6da6726d66a0d9f503920abf9f56","sha1":"1fa9c3567057d1a072b134ade94717396a968bff","sha256":"b289e3d1b08bffb660828d093c3c0be994b078d2cdcf5a7a9750702b28e7e0c5","sha512":"036e41e3cfb72a5ecd5692e87ae9f2e244fba091638a8f5c1fcbf71d13608fb9e345e8a8e7a1f0b2232b7266fb97b0ee0ecf8ec0f85d6aadd7138907364e2745","ssdeep":"24576:2HK8GkDT0eSLpZoeNpfOggpUeU2uULW3sp0RJT:2HK8teZPz4bLW3pRJT","tlshash":"1125231993e86443f891c33483c58bc3f8eadb75f78b1453906613a79ee1be986876c0","first_seen":"2025-10-29T15:32:56.588134Z","last_seen":"2026-03-12T19:38:43.826866Z","times_seen":63,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":49,"dns":13,"connect":19,"send":0,"wait":8,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"u3y8v8u4.aucdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}