{"report_id":"494dba74-58c1-4a86-8136-41090a6f1235","version":6,"status":"done","tags":[],"date":"2025-09-23T20:42:38Z","url":{"schema":"http","addr":"katt5.de/register?invite=23549d","fqdn":"katt5.de","domain":"katt5.de","tld":"de"},"ip":{"addr":"104.21.63.203","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"katt5.de/register?invite=23549d","fqdn":"katt5.de","domain":"katt5.de","tld":"de"},"title":"Register"},"submit":{"url":{"schema":"http","addr":"katt5.de/register?invite=23549d","fqdn":"katt5.de","domain":"katt5.de","tld":"de"},"ip":{"addr":"104.21.63.203","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-28T20:42:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"katt5.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-09-23","alert":"Content Category / Application Block","trigger":"katt5.de","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"katt5.de","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-09-23T20:42:38.61071Z","last_seen":"2025-09-23T20:42:38.61071Z","alert_count":10,"request_count":5,"received_data":360383,"sent_data":2644,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"cdn3.emoji.gg","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-07-02","domain_rank":2060414,"first_seen":"2022-05-18T10:12:33Z","last_seen":"2025-09-23T03:17:47.815434Z","alert_count":0,"request_count":1,"received_data":3418,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"katt5.de/css/register.css","fqdn":"katt5.de","domain":"katt5.de","tld":"de"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://katt5.de/register?invite=23549d","date":"2025-09-23T20:42:16.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"katt5.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 21:15:55 GMT","end":"Sun, 21 Dec 2025 22:13:37 GMT"},"fingerprint":{"sha1":"B2:25:F7:98:21:49:C1:A5:CF:E2:CE:6F:D3:F3:3D:9A:3A:81:9E:F0","sha256":"9F:DE:18:A6:19:3A:53:52:40:52:2C:61:22:E1:9C:A1:B9:DF:F7:8B:BB:8B:F2:C7:D5:3A:0B:E6:E9:C7:22:8E"}}},"request":{"raw":"GET /css/register.css HTTP/1.1\r\nHost: katt5.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://katt5.de/register?invite=23549d\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AzTKEp1QqT0UGwVBy05VUalZjv909FlOs.6aG5gfXzPorUPQBprr8jwBgBx8jL9oBEECOfSjxom3E\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 23 Sep 2025 20:42:16 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\nx-powered-by: Express\r\ncache-control: public, max-age=14400\r\nlast-modified: Tue, 09 Sep 2025 22:19:16 GMT\r\netag: W/\"15a1-199308fd2a0\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kXxpNzTNOgo%2FxnmteOIv1nIQ%2BPL3rrgZHs1ZKj1aH3TuISR7nz19oVEWSElxjFa%2F%2FYi4DtPbBCeUmaMiA7%2FuOPhHwPpdjg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 983cde1a6aed56a3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":5537,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"1763c33d0fff5fa6d337df2255393461","sha1":"7dcbf7507b0fe287cdf0ad69dd663cbfc5b2e66d","sha256":"84df2bd974475f30072b19adb69fec0fedbb18692d1296ad077e02fd970e7a43","sha512":"641249c43b9d37cd1bbcbecbed0a35bd23f3575c7a8e23b6582d2931c0ea3aa5c196e04f52f6c604f86faf0a5a4855808330814dd48531dd4a6d5d96b8ff4995","ssdeep":"96:xoh1S37wn73A/QT27mnefFYKMj7Sk/ReKH:xohga7Q/QT27mneyKMPSZ2","tlshash":"c0b10058db4602423237daf4a7f38655f79855638a0a427d7be972948fbc0bc9260fcc","first_seen":"2025-09-23T20:42:42.900424Z","last_seen":"2025-11-15T14:50:53.736314Z","times_seen":3,"resource_available":false,"data":null}},"time_used":395,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":395,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"katt5.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-09-23","alert":"Content Category / Application Block","trigger":"katt5.de","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"katt5.de/js/image.js","fqdn":"katt5.de","domain":"katt5.de","tld":"de"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://katt5.de/register?invite=23549d","date":"2025-09-23T20:42:16.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"katt5.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 21:15:55 GMT","end":"Sun, 21 Dec 2025 22:13:37 GMT"},"fingerprint":{"sha1":"B2:25:F7:98:21:49:C1:A5:CF:E2:CE:6F:D3:F3:3D:9A:3A:81:9E:F0","sha256":"9F:DE:18:A6:19:3A:53:52:40:52:2C:61:22:E1:9C:A1:B9:DF:F7:8B:BB:8B:F2:C7:D5:3A:0B:E6:E9:C7:22:8E"}}},"request":{"raw":"GET /js/image.js HTTP/1.1\r\nHost: katt5.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://katt5.de/register?invite=23549d\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AzTKEp1QqT0UGwVBy05VUalZjv909FlOs.6aG5gfXzPorUPQBprr8jwBgBx8jL9oBEECOfSjxom3E\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 23 Sep 2025 20:42:16 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nserver: cloudflare\r\nx-powered-by: Express\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 22 Sep 2025 06:31:23 GMT\r\netag: W/\"20d28-199701eb16c\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cuFgCMkHIKx4fOhJoym%2FCppNkHf5wE8NgvqwfMF6rdj2nRwP8KBzKrqEpNIOsjVR4bcziF9rOvNKt%2Fd%2BFb%2BqUXzDYKwi%2BQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 983cde1a6aee56a3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":134440,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"3637586cae17979a70f14b6a22ae2394","sha1":"44c8df38b1f108ab82dccb433f76805ce5ec50ee","sha256":"14f2d820e0d4b73d74651c2d98436612d489828795abec367f6b8452dcca6348","sha512":"b1ae553be08f05126a79dfe3bf983fcc45f238c2d9f519d1c96822ca0073a9a9549339753cafd387df3bedc5f9efa81ebebf3db7e970404a7c9a98a8a166d28b","ssdeep":"1536:ISQXnmc/9VU+SOMpTuBVhIeJb6w9x8S0TT24RyJVRocRV89r3Sh6bcUqzW2AcoEx:ISQd2EBNbH9x8S0TT24RFcn8CUxF86o","tlshash":"8ad38380b7c5bc8112475b77771bb1e6e92e8dec7189088af004bca8f5bd525fae5930","first_seen":"2025-09-23T20:42:42.91055Z","last_seen":"2025-09-23T20:42:42.91055Z","times_seen":1,"resource_available":false,"data":null}},"time_used":547,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":447,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"katt5.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-09-23","alert":"Content Category / Application Block","trigger":"katt5.de","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"katt5.de/image.png","fqdn":"katt5.de","domain":"katt5.de","tld":"de"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://katt5.de/register?invite=23549d","date":"2025-09-23T20:42:16.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"katt5.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 21:15:55 GMT","end":"Sun, 21 Dec 2025 22:13:37 GMT"},"fingerprint":{"sha1":"B2:25:F7:98:21:49:C1:A5:CF:E2:CE:6F:D3:F3:3D:9A:3A:81:9E:F0","sha256":"9F:DE:18:A6:19:3A:53:52:40:52:2C:61:22:E1:9C:A1:B9:DF:F7:8B:BB:8B:F2:C7:D5:3A:0B:E6:E9:C7:22:8E"}}},"request":{"raw":"GET /image.png HTTP/1.1\r\nHost: katt5.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://katt5.de/register?invite=23549d\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AzTKEp1QqT0UGwVBy05VUalZjv909FlOs.6aG5gfXzPorUPQBprr8jwBgBx8jL9oBEECOfSjxom3E\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 23 Sep 2025 20:42:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 35946\r\nserver: cloudflare\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 05 Sep 2025 08:52:04 GMT\r\netag: W/\"8c6a-19919135f20\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: EXPIRED\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UBpNwagR5ycKSSq%2Be4nyn297IgNbp1EuxrzEuh%2BPM6JbMSXHcDYPnMptrlNl6SoEIQPi9qoxenxUWFeZqdFLT3V2iC8dOw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 983cde1a6af256a3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":35946,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 468 x 211, 8-bit/color RGBA, non-interlaced","md5":"a7a56d21019bbec8a8962073497e4375","sha1":"e955760323d544cc68fb7e91fc21fc37da8434dc","sha256":"bd78ff9f67848e257f4354b76dc1c7c7497514156511029f5f94fd956c75085d","sha512":"61f392b595df3794bdc83f64f8005a345511d76ad95f666bd5493878e6a0fad3836bb0cf66c877220708434b163c1e39b79d7819d0f48b1789df0d701d2d59d8","ssdeep":"768:50c1x6zLMFMLvs7FtkZ8jo29tXaMS1pN4YrH3iTWMEfbq2:Kq6HBLvQFtkWj/u1y5EfG2","tlshash":"adf2f12dc8ab0c17b7f65aac3cac73d05e41e5428dee463b6f93b4279890810b17d675","first_seen":"2025-09-23T20:42:42.915284Z","last_seen":"2026-06-01T10:45:37.914949Z","times_seen":45,"resource_available":false,"data":null}},"time_used":541,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":508,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"katt5.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-09-23","alert":"Content Category / Application Block","trigger":"katt5.de","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"katt5.de/js/register.js","fqdn":"katt5.de","domain":"katt5.de","tld":"de"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://katt5.de/register?invite=23549d","date":"2025-09-23T20:42:16.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"katt5.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 21:15:55 GMT","end":"Sun, 21 Dec 2025 22:13:37 GMT"},"fingerprint":{"sha1":"B2:25:F7:98:21:49:C1:A5:CF:E2:CE:6F:D3:F3:3D:9A:3A:81:9E:F0","sha256":"9F:DE:18:A6:19:3A:53:52:40:52:2C:61:22:E1:9C:A1:B9:DF:F7:8B:BB:8B:F2:C7:D5:3A:0B:E6:E9:C7:22:8E"}}},"request":{"raw":"GET /js/register.js HTTP/1.1\r\nHost: katt5.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://katt5.de/register?invite=23549d\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AzTKEp1QqT0UGwVBy05VUalZjv909FlOs.6aG5gfXzPorUPQBprr8jwBgBx8jL9oBEECOfSjxom3E\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 23 Sep 2025 20:42:16 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nserver: cloudflare\r\nx-powered-by: Express\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 22 Sep 2025 06:32:01 GMT\r\netag: W/\"23dc2-199701f456f\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zqhqraRawyJNsYh2dAnlv3AEtOUz0zG9puhBtLC0GNYVF4rEpfROVWFFSoTS1PFD0nVwgdFu6Id2dHUyHNcv102VpJxODw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 983cde1a6af156a3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146882,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4c4d4beeee25a2a10820e4d1bd418bab","sha1":"e12c8489c2be2efcd2075b76dfb5875bfc4f80ed","sha256":"7176ae3ed24317e95d630db6274dcefefad11c590fe6af457418c7622c6b2a54","sha512":"3b2a701f855c9ac95d9f9c8b37a3a802e524ffac3b4c40b88c8fdedb914fa3a6cf62261ceb0122b39b529ac4f3370773beb534ec09cab987aae9ce7a5348265f","ssdeep":"3072:0jMqOAzmOkgeL8BrxJBqyA/LS+U12wjHi2S8Gyde3SQcpWfAk30WPvOUh:yVSONeLWrdqy0S+U12wjHnLP92","tlshash":"f2e3848077d2bc81124b1b77772ab1e5e53a89dcb0c8089ef444bc98f5bd926fad0635","first_seen":"2025-09-23T20:42:42.920413Z","last_seen":"2025-09-23T20:42:42.920413Z","times_seen":1,"resource_available":false,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":455,"receive":99,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"katt5.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-09-23","alert":"Content Category / Application Block","trigger":"katt5.de","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn3.emoji.gg/emojis/4600_hub.png","fqdn":"cdn3.emoji.gg","domain":"emoji.gg","tld":"gg"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://katt5.de/register?invite=23549d","date":"2025-09-23T20:42:17.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn3.emoji.gg","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 23 Aug 2025 04:52:29 GMT","end":"Fri, 21 Nov 2025 04:52:28 GMT"},"fingerprint":{"sha1":"D9:F4:47:D2:89:61:24:2A:E8:63:7C:B9:4C:BD:69:92:8E:77:A7:22","sha256":"6F:FA:B7:82:AD:AA:18:5D:AD:5D:21:2E:3A:24:49:25:D2:F2:60:65:24:6F:A5:81:D5:7C:49:DD:49:1B:4F:3A"}}},"request":{"raw":"GET /emojis/4600_hub.png HTTP/1.1\r\nHost: cdn3.emoji.gg\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://katt5.de/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Sep 2025 20:42:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 2465\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qPvBECFVZX7RssWD7L0P14ImjNIPS5wb7bogaof4Ya7mgPv1TJezDaubO0RaQG1rvXqA%2FMS0CdEjjyivZ8HysSDiNqn426H1Ug%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nlast-modified: Tue, 17 May 2022 23:15:13 GMT\r\nx-rgw-object-type: Normal\r\netag: \"b728ce107907e80df2822975403b4465\"\r\nx-amz-request-id: tx000007e01e995e71710da-006870824f-1658ca08e-fra1b\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-do-cdn-uuid: ed216277-2958-478c-82ba-7db8c1ae59b1\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nage: 22157\r\naccept-ranges: bytes\r\ncf-ray: 983cde21e919568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2465,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 69 x 40, 8-bit/color RGBA, non-interlaced","md5":"b728ce107907e80df2822975403b4465","sha1":"a8591f24edad49bf9ae433ef0127c98a5a8ca675","sha256":"73dc9a5ff4b451ceb9670fad3b0b1143dc316f9b43d5d7ec45ee89dd5e7fd275","sha512":"c31f232fe3774e414385b0b2fd226ebb58c1ac01082d7e6b6004767a8c40d70f70c19835658a935ff596d8c4139f064f7fc290d924d731f0b1d2ed4a08718fd3","ssdeep":"","tlshash":"ca512aeeba6233baefe555480c996d64320f0c0956273418d2f1a4a0da36a8445d2e4f","first_seen":"2025-07-29T11:00:39.929796Z","last_seen":"2026-06-01T10:45:37.916365Z","times_seen":51,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":0,"dns":20,"connect":1,"send":0,"wait":11,"receive":1,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"katt5.de/register?invite=23549d","fqdn":"katt5.de","domain":"katt5.de","tld":"de"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-23T20:42:15.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"katt5.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 21:15:55 GMT","end":"Sun, 21 Dec 2025 22:13:37 GMT"},"fingerprint":{"sha1":"B2:25:F7:98:21:49:C1:A5:CF:E2:CE:6F:D3:F3:3D:9A:3A:81:9E:F0","sha256":"9F:DE:18:A6:19:3A:53:52:40:52:2C:61:22:E1:9C:A1:B9:DF:F7:8B:BB:8B:F2:C7:D5:3A:0B:E6:E9:C7:22:8E"}}},"request":{"raw":"GET /register?invite=23549d HTTP/1.1\r\nHost: katt5.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Sep 2025 20:42:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: Express\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hCAoI%2F9BuT5eMZF6UIw54e3kXLReal5qi21aCEDG6ZFvP4lAT%2BO4U3UKCj%2BgGs91P1C390Rfo5bZ2%2BaQTwH%2BnKYF8nImmVTI\"}]}\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: connect.sid=s%3AzTKEp1QqT0UGwVBy05VUalZjv909FlOs.6aG5gfXzPorUPQBprr8jwBgBx8jL9oBEECOfSjxom3E; HttpOnly; Path=/\r\ncf-ray: 983cde177d1c21fe-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":33129,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (29894), with CRLF line terminators","md5":"4e3f2923bf64b7b5e829b3cfc26f101f","sha1":"bdea1f25bf0fbc3fbeac3c1b0a1ebd83272697b6","sha256":"73e7165fe0297cbaa52b7466b98a095ab2e1b45dab088db74887b0110f6ded98","sha512":"5033ed166efdf52130d9152a15c17560efcff42a75330103a7db3b902bb1cbd503d3711b288fc5e6f3f263ba517f0cb05d6e1ae2e9a9f0a2d4fdfd1e2fa4ae51","ssdeep":"768:YHFZTHHSZhAJiMhHeSUiWzXfI7uHCpRU6J2XNpmA8uu:UXzyZ2XJeSUiyXfLH+RLONm","tlshash":"8fe2cf23ace48d1b2636c7702406ba9bfeb9c897e4548a40f6ed36d39bf1f6184435c1","first_seen":"2025-09-23T20:42:42.932473Z","last_seen":"2025-09-23T20:42:42.932473Z","times_seen":1,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":38,"dns":21,"connect":1,"send":0,"wait":339,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"katt5.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-09-23","alert":"Content Category / Application Block","trigger":"katt5.de","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}