{"report_id":"5c9010f1-0386-46d0-97d1-246a66eaa0d8","version":6,"status":"done","tags":[],"date":"2025-11-23T16:32:42Z","url":{"schema":"http","addr":"cn.pornhub.moe/","fqdn":"cn.pornhub.moe","domain":"pornhub.moe","tld":"moe"},"ip":{"addr":"45.125.33.226","port":0,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"cn.pornhub.moe/","fqdn":"cn.pornhub.moe","domain":"pornhub.moe","tld":"moe"},"title":"cn.pornhub.moe/","dom":{"size":2536,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6c5e7b05ce278e7794adcd7fe13c7e54","sha1":"fdb8ecc158ac0739f5dedfb0a493f44b236b5f63","sha256":"e16c320354dec012424c4f7b87c00b67e148fca285e467c11419494d4fbd7138","sha512":"5659d810d99137b3f11b46c6468c473efad12e668ca0917bd2bbf79495b89dbd1cd64559ce7b7f6813c7c82b2ccc4d151bd08e7ef182541feb904f84d26843d9","ssdeep":"","tlshash":"ed517596a7e20aaf5323532417dbb2053630dc53d60cb7583aec95e08fc974894bf176","dom_hash":"domhash9953ca767ec3a78deb2be047fa42cde3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cn.pornhub.moe/","fqdn":"cn.pornhub.moe","domain":"pornhub.moe","tld":"moe"},"ip":{"addr":"45.125.33.226","port":0,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-28T16:32:42Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-23T16:32:20Z","timestamp":1763915540,"ip_dst":{"addr":"154.36.180.107","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.11","port":48398,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-11-23T16:32:20.419763+0000\",\"flow_id\":158498102167214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.11\",\"src_port\":48398,\"dest_ip\":\"154.36.180.107\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"cn.pornhub.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2677,\"start\":\"2025-11-23T16:32:19.902830+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-23T16:32:20Z","timestamp":1763915540,"ip_dst":{"addr":"45.125.33.226","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"172.18.0.11","port":52318,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-11-23T16:32:20.579034+0000\",\"flow_id\":1666246371465711,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.11\",\"src_port\":52318,\"dest_ip\":\"45.125.33.226\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"cn.pornhub.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":916,\"bytes_toclient\":2676,\"start\":\"2025-11-23T16:32:20.154095+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"cn.pornhub.moe","ip":{"addr":"154.36.180.107","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"domain_registered":"2025-04-07","domain_rank":0,"first_seen":"2025-08-02T11:40:01.486597Z","last_seen":"2025-08-02T11:40:01.486597Z","alert_count":0,"request_count":2,"received_data":12773,"sent_data":918,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cn.pornhub.moe/","fqdn":"cn.pornhub.moe","domain":"pornhub.moe","tld":"moe"},"ip":{"addr":"154.36.180.107","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"7946845e9cbb637521f2d346215e8666","sha1":"8627f2602991aafeaeec69a72006459e1ee2f37a","sha256":"f13d3d07ccb736e1eb3965b689b05e60781dc0cafc9a478e3156a66644687d1f","sha512":"4aab604e9a36575814bf10c122fabb825551d56a1f96359e54b415c94901723d5ccd9601230d09327d65e638649f4e79d48cb2b234b5255456a2aab9c883fcd5","ssdeep":"","tlshash":"97f0d86abefa19754333b224669fb255353380e75408ee0e3f6c8ac00fd9914446ed56","size":454,"data":"","first_seen":"2025-10-30T10:07:31.664526Z","last_seen":"2026-01-18T21:25:06.748767Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cn.pornhub.moe/","fqdn":"cn.pornhub.moe","domain":"pornhub.moe","tld":"moe"},"ip":{"addr":"154.36.180.107","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-23T16:32:19.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pornhub.moe","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 01:57:33 GMT","end":"Fri, 09 Jan 2026 01:57:32 GMT"},"fingerprint":{"sha1":"35:07:08:21:EA:60:9F:FD:28:25:3C:B7:6C:78:E3:60:58:26:46:B5","sha256":"26:B3:AA:C6:2F:5E:0C:14:16:8C:A7:13:2B:43:C2:EF:BE:73:9B:48:43:DC:B9:76:BE:6E:B3:52:22:23:21:2D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cn.pornhub.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\nserver: openresty\r\ndate: Sun, 23 Nov 2025 16:32:20 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2563,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"11297b419390de69fdffea4f71d7f6e3","sha1":"c306a4663ffcd734bd1fa69713b1587c1775be6c","sha256":"adce262e52310a3281ee55245b8a4426e4224342722c22403d1fe25b903ddd28","sha512":"8f7559f9484edc107bee9465c3d960bba19a774bc2c4b09d294c8fad0c799a6e286d7eddaedc298e99dca4a63f6354f87d8293ab8b573560afcba7de6303f910","ssdeep":"","tlshash":"5e517456a7e20a6f5323522417cbf2063630dc93d60cb7583aec95e04fc974894bf1b6","first_seen":"2025-10-30T10:07:31.660808Z","last_seen":"2026-01-18T21:25:06.74227Z","times_seen":3,"resource_available":true,"data":null}},"time_used":1327,"timings":{"blocked":534,"dns":9,"connect":258,"send":0,"wait":259,"receive":0,"ssl":265},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.pornhub.moe/favicon.ico","fqdn":"cn.pornhub.moe","domain":"pornhub.moe","tld":"moe"},"ip":{"addr":"154.36.180.107","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.pornhub.moe/","date":"2025-11-23T16:32:20.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pornhub.moe","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 01:57:33 GMT","end":"Fri, 09 Jan 2026 01:57:32 GMT"},"fingerprint":{"sha1":"35:07:08:21:EA:60:9F:FD:28:25:3C:B7:6C:78:E3:60:58:26:46:B5","sha256":"26:B3:AA:C6:2F:5E:0C:14:16:8C:A7:13:2B:43:C2:EF:BE:73:9B:48:43:DC:B9:76:BE:6E:B3:52:22:23:21:2D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cn.pornhub.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.pornhub.moe/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 23 Nov 2025 16:32:21 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 9662\r\ncache-control: public, max-age=10368000\r\naccept-ranges: bytes\r\nset-cookie: accessAgeDisclaimerPH=2;path=/\r\netag: \"8d381454bca84c70b3156b881c1ca149\"\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":9662,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"f42c20d90c00539dc8197bfb6b522009","sha1":"2ec432196acfe4de3f8903941c5b10737f1c8629","sha256":"c0574f958234962b5d31f8a4d4c3cecdfdbe74caf0cac17f73f5537cef64761d","sha512":"07913952bbb4b0f6a3adca89e2b6a58edf564dadf5a8046fe6eac4f4feef0c51294e43cca32c707688a9fc1d14edcb7949c97daf939683c16e0381cf035e8434","ssdeep":"48:9krVV7PVXVVHvHXXXXXXXVFXsPxpiQG6u9Q8spSxZvMVVVVVVVVVGaV+VVVC:9oteEfv5g","tlshash":"3812c57d999a178ff0ec127ec471da7a04bd8d291c215a0f89ff7edb32121a5011e623","first_seen":"2025-09-07T23:10:19.350524Z","last_seen":"2026-04-02T16:58:49.583624Z","times_seen":259,"resource_available":false,"data":null}},"time_used":367,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":350,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}