{"report_id":"90fd0334-5f2e-46a0-915e-5e0b86ab07a7","version":6,"status":"done","tags":[],"date":"2024-05-14T05:28:31Z","url":{"schema":"http","addr":"r34.xxx","fqdn":"r34.xxx","domain":"r34.xxx","tld":"xxx"},"ip":{"addr":"199.59.243.225","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I","fqdn":"ww01.r34.xxx","domain":"r34.xxx","tld":"xxx"},"title":"ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T17:03:51Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.168","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":75,"first_seen":"2013-05-22 04:07:37","last_seen":"2024-05-14 05:20:30","alert_count":0,"request_count":1,"received_data":75725,"sent_data":416,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"142.250.74.132","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":7,"first_seen":"2015-05-10 13:11:19","last_seen":"2024-03-23 18:27:44","alert_count":0,"request_count":1,"received_data":165867,"sent_data":420,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.adsensecustomsearchads.com","ip":{"addr":"216.58.211.14","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-01-28","domain_rank":0,"first_seen":"2015-09-02 02:57:40","last_seen":"2024-05-13 18:15:01","alert_count":0,"request_count":2,"received_data":85393,"sent_data":1651,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ww01.r34.xxx","ip":{"addr":"199.191.50.153","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":6,"request_count":3,"received_data":1167,"sent_data":1679,"comment":"","tags":null,"fingerprints":null},{"fqdn":"e1.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":6159,"first_seen":"2021-08-20 09:36:30","last_seen":"2024-05-13 06:52:42","alert_count":0,"request_count":1,"received_data":730,"sent_data":326,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r34.xxx","ip":{"addr":"199.59.243.225","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":4,"received_data":41930,"sent_data":2053,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:06Z","timestamp":1715658846,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"Client IP","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:06.900610+0000\",\"flow_id\":656592594692677,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":786,\"bytes_toclient\":670,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:06Z","timestamp":1715658846,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"Client IP","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:06.900610+0000\",\"flow_id\":208906678594117,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":786,\"bytes_toclient\":670,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:07Z","timestamp":1715658847,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"Client IP","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:07.081629+0000\",\"flow_id\":656592594692677,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":10},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1396,\"bytes_toclient\":988,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:07Z","timestamp":1715658847,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"Client IP","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:07.081629+0000\",\"flow_id\":208906678594117,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":10},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1396,\"bytes_toclient\":988,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"e1.o.lencr.org/","fqdn":"e1.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-05-14T03:54:03.563001309Z","timestamp":1715658843563,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: e1.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 346\r\nETag: \"AEC18B8C8552167B2970EE8F66489DF85B22BBBCE4D486168B572C0D08DA2610\"\r\nLast-Modified: Mon, 13 May 2024 16:18:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=21544\r\nExpires: Tue, 14 May 2024 09:53:07 GMT\r\nDate: Tue, 14 May 2024 03:54:03 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":346,"size_decoded":346,"mime_type":"application/octet-stream","magic":"data","md5":"57e4387454721df24a7a3d2871d355cc","sha1":"488deeb3240ce5fe00e64ec0b1174476c9506180","sha256":"aec18b8c8552167b2970ee8f66489df85b22bbbce4d486168b572c0d08da2610","sha512":"98a0c9c457127ffe02c77beeb4a34c1953af5115475f8c5cf8ea11fec25b577a75bcce6f4a1d33e8fd7834fcb6a0edeee6a0abe6b09eac8ed0960a444c68dedb","ssdeep":"","tlshash":"3de0c001cb60ac248f392fc0dea4c0057472b05e4a0c6b95a458c1d16c977dddb0d50d","first_seen":"2024-08-19T23:02:08.195341Z","last_seen":"2024-08-19T23:02:08.195341Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r34.xxx/","fqdn":"r34.xxx","domain":"r34.xxx","tld":"xxx"},"ip":{"addr":"199.59.243.225","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-05-14T03:54:03.603502233Z","timestamp":1715658843603,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: r34.xxx\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 14 May 2024 03:54:02 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 1026\r\nX-Request-Id: 5c4f3a99-f695-44a9-8712-40c4962589eb\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: sec-ch-prefers-color-scheme\r\nCritical-Ch: sec-ch-prefers-color-scheme\r\nVary: sec-ch-prefers-color-scheme\r\nX-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_pV8EYUww8LkoE9lkajPcWPmYDAw/QY9wOr54AZceawt6VuRW1cT29WNdzTWmnKydGyGe9gPK0jzZGJgBgBwXIQ==\r\nSet-Cookie: parking_session=5c4f3a99-f695-44a9-8712-40c4962589eb; expires=Tue, 14 May 2024 04:09:03 GMT; path=/\r\nConnection: close\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":1026,"size_decoded":1026,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"bf77315f02bba3dfc7b58fcdd4c64faa","sha1":"a1d2dcc4736325bedde846810f6c50a21754aa93","sha256":"59e99b5bd2161d504e232bb65a2df8dae3c82a76a9182f359ce33078db1eec9b","sha512":"cc790e27b3c2cdb1764a746ba2e7280980c3b20dca870d38be5096eaa666760b4410c1a54e3e5334fb973d2d162d05ac91019ae8fbaf1be95e920bf697576f8b","ssdeep":"","tlshash":"f11168361c579d4961f206911de1f64c4c0a278d53523d917fddd1b72dc07c2a82f6d9","first_seen":"2024-08-19T23:02:08.197245Z","last_seen":"2024-08-19T23:02:08.197245Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r34.xxx/bFOnUJTkK.js","fqdn":"r34.xxx","domain":"r34.xxx","tld":"xxx"},"ip":{"addr":"199.59.243.225","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-05-14T03:54:03.941129382Z","timestamp":1715658843941,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /bFOnUJTkK.js HTTP/1.1\r\nHost: r34.xxx\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r34.xxx/\r\nCookie: parking_session=5c4f3a99-f695-44a9-8712-40c4962589eb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 14 May 2024 03:54:03 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 33791\r\nX-Request-Id: 1c75c48d-5702-40b7-af76-32c6aaa9b1e5\r\nSet-Cookie: parking_session=5c4f3a99-f695-44a9-8712-40c4962589eb; expires=Tue, 14 May 2024 04:09:03 GMT\r\nConnection: close\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":33791,"size_decoded":33791,"mime_type":"text/plain; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)","md5":"f48baec69cc4dc0852d118259eff2d56","sha1":"e64c6e4423421da5b35700154810cb67160bc32b","sha256":"463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c","sha512":"06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37","ssdeep":"768:TP2yR8VcbMnnZNdxBB5gPi0y8rnaVG4xYEW0Ddem+euROvvMzLXWI+6Ch75BGJ21:KnQrnSG4xYE4RLm","tlshash":"33e22ba23af7e06046e2c1dae4775215f738610a3405c06cf96c88ce3a5ae47d73eb75","first_seen":"2024-04-22T21:49:17Z","last_seen":"2024-08-20T03:18:22.479053Z","times_seen":7944,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r34.xxx/_fd","fqdn":"r34.xxx","domain":"r34.xxx","tld":"xxx"},"ip":{"addr":"199.59.243.225","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-05-14T03:54:04.103368313Z","timestamp":1715658844103,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /_fd HTTP/1.1\r\nHost: r34.xxx\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://r34.xxx/\r\nContent-Type: application/json\r\nOrigin: https://r34.xxx\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: parking_session=5c4f3a99-f695-44a9-8712-40c4962589eb\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 14 May 2024 03:54:03 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 5173\r\nX-Request-Id: ea684e30-df6c-4c83-aeaa-a1e35ff6c19c\r\nSet-Cookie: parking_session=5c4f3a99-f695-44a9-8712-40c4962589eb; expires=Tue, 14 May 2024 04:09:04 GMT\r\nConnection: close\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":5173,"size_decoded":5173,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with very long lines (5173), with no line terminators","md5":"5c90947a498120a15db30da0dcfa5d1d","sha1":"17b4a41d70e25c0729d04e6364587b56535930bb","sha256":"55704fa066c39ff294ec90f60a7f9f68aeb7663260a1dcc3201c432902453890","sha512":"258aa3f20c4b3033e9decf7586892f1bafed1a5490ef72c18cccde8ab0054fd0fc2936d59f5f89469638ce2c14c34cce4478a3e82e4cd6706fb190faee5e6175","ssdeep":"96:N99dEVYqsEBPlbaBTcTkTX9WERyXyRCQz1ooR:td30DbX2X9WgCQz1ooR","tlshash":"49b184d6ca1538aad70a460371ce03ea534e82ff373a6259451f9988ca1d64f79e121f","first_seen":"2024-08-19T23:02:08.199175Z","last_seen":"2024-08-19T23:02:08.199175Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.googletagmanager.com/gtag/js?id=UA-106537103-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-05-14T03:54:04.372978445Z","timestamp":1715658844372,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /gtag/js?id=UA-106537103-1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r34.xxx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 14 May 2024 03:54:04 GMT\r\nexpires: Tue, 14 May 2024 03:54:04 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Tue, 14 May 2024 03:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 75078\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":75078,"size_decoded":208443,"mime_type":"text/plain; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (4179)","md5":"e2dc78a9274a2ec8da672110d22a996e","sha1":"0b827e2bb956b8cb8758cb68bd6074de51800f24","sha256":"70bffabf53911b60972e55fe58ff6365d13387a7c881248ee679f0e89f0363ad","sha512":"d8a060e1e3a6abefd254a487ff335cc4dcbd3a9cbbe3950db288b1dc3b8cd8b24c0b0a1b9d74b72d28bb9d30891672f9d03a814f76a48621fc64ed791d3997a1","ssdeep":"3072:d8vC+awx3nqZ8svTCS8XphN/aryNpxLu+x8fZf73i3lsqnFfWyWfnzux+yv:iqWnqSsvuSspQ+x8fZjYnFfWyWfnzup","tlshash":"751407d9b392b02683a37474503f014bf13b6dd6b84cc898e185d5d42e78aa9527bf7c","first_seen":"2024-08-19T23:02:08.200158Z","last_seen":"2024-08-19T23:02:08.200158Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026bodis=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-05-14T03:54:04.518661149Z","timestamp":1715658844518,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /adsense/domains/caf.js?abp=1\u0026bodis=true HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r34.xxx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Tue, 14 May 2024 03:54:04 GMT\r\nexpires: Tue, 14 May 2024 03:54:04 GMT\r\ncache-control: private, max-age=3600\r\netag: \"18277337691249915516\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://www.adsensecustomsearchads.com\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":165016,"size_decoded":165016,"mime_type":"application/x-gzip","magic":"gzip compressed data, max compression","md5":"d119f8e03322afe1473939483e6a62f1","sha1":"a9f3d8a87a0bc2a11b260192fde7f2441c8cefda","sha256":"68f4344a81ef30358a890cb63470d396c26ddf5c8525482583cdc680dbb5d46e","sha512":"405c202fde8b8188dae57cdcd220b7e9b26ab815867ad634af1af52e4eaf00379415e89a52b2ff0e68796d01e0a2dcf09352c2a5e6b8c6239f7d101aa98c0c5e","ssdeep":"3072:9G7cdn4VAUS2hA3aEuA7q8bGnkhh62iMOVLcSGRyMo5jffDlpOv0:Z4E5uA55hxjOQRyjh3DXOv0","tlshash":"16f3139c4efb08f87c70799266f80184ee13e8096c4663b8d67a6b57179056cbbdc0e7","first_seen":"2024-08-19T23:02:08.201048Z","last_seen":"2024-08-19T23:02:08.201048Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.adsensecustomsearchads.com/afs/ads?adtest=off\u0026psid=3113057640\u0026pcsa=false\u0026channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol415%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202\u0026client=dp-bodis30_3ph\u0026r=m\u0026hl=en\u0026ivt=0\u0026rpbu=https%3A%2F%2Fr34.xxx%2F%3Fcaf%3D1%26bpt%3D345\u0026terms=elden%20ring\u0026max_radlink_len=50\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2640601439763898\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301437%2C17301439%2C17301442\u0026client_gdprApplies=1\u0026format=r3\u0026nocache=801715658844436\u0026num=0\u0026output=afd_ads\u0026domain_name=r34.xxx\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1715658844436\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=922\u0026frm=0\u0026uio=-\u0026cont=rs\u0026drt=0\u0026jsid=caf\u0026jsv=631415066\u0026rurl=https%3A%2F%2Fr34.xxx%2F","fqdn":"www.adsensecustomsearchads.com","domain":"adsensecustomsearchads.com","tld":"com"},"ip":{"addr":"216.58.211.14","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-05-14T03:54:04.586319969Z","timestamp":1715658844586,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /afs/ads?adtest=off\u0026psid=3113057640\u0026pcsa=false\u0026channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol415%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol202\u0026client=dp-bodis30_3ph\u0026r=m\u0026hl=en\u0026ivt=0\u0026rpbu=https%3A%2F%2Fr34.xxx%2F%3Fcaf%3D1%26bpt%3D345\u0026terms=elden%20ring\u0026max_radlink_len=50\u0026type=3\u0026uiopt=false\u0026swp=as-drid-2640601439763898\u0026oe=UTF-8\u0026ie=UTF-8\u0026fexp=21404%2C17301437%2C17301439%2C17301442\u0026client_gdprApplies=1\u0026format=r3\u0026nocache=801715658844436\u0026num=0\u0026output=afd_ads\u0026domain_name=r34.xxx\u0026v=3\u0026bsl=8\u0026pac=0\u0026u_his=2\u0026u_tz=0\u0026dt=1715658844436\u0026u_w=1280\u0026u_h=1024\u0026biw=1280\u0026bih=1024\u0026psw=1280\u0026psh=922\u0026frm=0\u0026uio=-\u0026cont=rs\u0026drt=0\u0026jsid=caf\u0026jsv=631415066\u0026rurl=https%3A%2F%2Fr34.xxx%2F HTTP/1.1\r\nHost: www.adsensecustomsearchads.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r34.xxx/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-disposition: inline\r\ndate: Tue, 14 May 2024 03:54:04 GMT\r\nexpires: Tue, 14 May 2024 03:54:04 GMT\r\ncache-control: private, max-age=3600\r\ncontent-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-W3ULDzeGfpq8xJzvgBq5wg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"gws\"\r\nreport-to: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\ncontent-encoding: br\r\nserver: gws\r\ncontent-length: 566\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":566,"size_decoded":1102,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (608)","md5":"def62055067fb63daa66bfb94ca7d094","sha1":"9822ed8d66ca53f1b652f80f1ba10a1e84e3c23c","sha256":"3dbee1b01b6801b5a218a395270d8a06a8e10fc744ecbc7a6cf971d08068d61f","sha512":"45cbdc51b0d55e0d48644a578b5626443e8f4bca6972cd1b001ea9bc44f7fae6f2e8943862629e29a392f9b9e07e1c02b20a5fe03438ca341ca025fa1a653b66","ssdeep":"","tlshash":"8b1146d12c648532c9b715190edf7750184cb470b29f2748d09ca4a921edfddca2b2bb","first_seen":"2024-08-19T23:02:08.201841Z","last_seen":"2024-08-19T23:02:08.201841Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.adsensecustomsearchads.com/adsense/domains/caf.js","fqdn":"www.adsensecustomsearchads.com","domain":"adsensecustomsearchads.com","tld":"com"},"ip":{"addr":"216.58.211.14","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-05-14T03:54:04.988244068Z","timestamp":1715658844988,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /adsense/domains/caf.js HTTP/1.1\r\nHost: www.adsensecustomsearchads.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.adsensecustomsearchads.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Tue, 14 May 2024 03:54:04 GMT\r\nexpires: Tue, 14 May 2024 03:54:04 GMT\r\ncache-control: private, max-age=3600\r\netag: \"1211060000171269328\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://www.adsensecustomsearchads.com\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":83222,"size_decoded":83222,"mime_type":"application/x-gzip","magic":"gzip compressed data, max compression","md5":"1982f1bee0cb1781f7ff1b54bd87434d","sha1":"efbcb344f2ef7d3c9bb5ba3bd4bdb0a80791106f","sha256":"61dd2182f76a2c5be5c8d00fe28be20a8733225bd94461c8681a104ca9763dc1","sha512":"59d36f67a6e616cd9c52e358e18ee2efcaba95259d13319fd5654dc12e7deb5518e467ac709627f2bf3ede62170229b8c187bc0a65ce8253c098758c94480a58","ssdeep":"1536:IWZtKXw3bS5jdTgkfWLxmG/sdyDDdb7TBBtKyDqmeuVhUF96zIPD2k9PD6NJaEBe:cXiGjTGdmzdy/db7kw9eurUF96zqT8Ir","tlshash":"7d8312987df5de04f136eb3e47f49c85d540327c4aa4958723fa63ba743742809f4aa8","first_seen":"2024-08-19T23:02:08.202803Z","last_seen":"2024-08-19T23:02:08.202803Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r34.xxx/_zc","fqdn":"r34.xxx","domain":"r34.xxx","tld":"xxx"},"ip":{"addr":"199.59.243.225","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-05-14T03:54:05.237141822Z","timestamp":1715658845237,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /_zc HTTP/1.1\r\nHost: r34.xxx\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://r34.xxx/\r\nContent-Type: application/json\r\nContent-Length: 5617\r\nOrigin: https://r34.xxx\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: parking_session=5c4f3a99-f695-44a9-8712-40c4962589eb; _ga_WQH4X42ES7=GS1.1.1715658844.1.0.1715658844.0.0.0; _ga=GA1.1.1975262091.1715658845\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Tue, 14 May 2024 03:54:04 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Encoding: gzip\r\nContent-Length: 178\r\nX-Version: 2.118.0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache\r\nSet-Cookie: parking_session=5c4f3a99-f695-44a9-8712-40c4962589eb; expires=Tue, 14 May 2024 04:09:05 GMT; Max-Age=900; path=/; httponly\r\nConnection: close\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":178,"size_decoded":181,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"b1748da99a88ebff6341f75e673e4e97","sha1":"367a2d09d30f467fb2e5fc851e8d11e867d31a4b","sha256":"0a2013dd76ed405f6ee8c3213d1970c305719dd63b8e53b4ce119eeb6107a1c1","sha512":"eea347122e99f1566a6a0314dd6bee847b3290f4f200a26ec38d941aa8f753df046101626cc7cd6508186fd202dd0c3efbd0523c78fcb73f21672fc33ba5d0f4","ssdeep":"","tlshash":"a5c0c0fb01735744a2203010af15320883c088f02b4cb206035961ddb0038d1cdde1c0","first_seen":"2024-08-19T23:02:08.20359Z","last_seen":"2024-08-19T23:02:08.20359Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I","fqdn":"ww01.r34.xxx","domain":"r34.xxx","tld":"xxx"},"ip":{"addr":"199.191.50.153","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-14T03:54:05.267Z","timestamp":1715658845267,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ww01.r34.xxx","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 12 Mar 2024 00:00:00 GMT","end":"Mon, 10 Jun 2024 23:59:59 GMT"},"fingerprint":{"sha1":"B9:FA:26:4D:77:A8:63:7A:77:3F:17:DE:5D:83:36:A3:BB:67:3D:7F","sha256":"55:BE:11:ED:AA:77:03:2C:27:92:8B:CE:A7:E1:90:5A:CB:BA:F0:A0:A9:21:06:AD:86:29:AA:5E:21:33:09:2C"}}},"request":{"raw":"GET /?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I HTTP/1.1\r\nHost: ww01.r34.xxx\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: _ga_WQH4X42ES7=GS1.1.1715658844.1.0.1715658844.0.0.0; _ga=GA1.1.1975262091.1715658845\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: openresty\r\nDate: Tue, 14 May 2024 03:54:04 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 300\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":300,"size_decoded":300,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"2b851633e6df3ef40cc9673948443098","sha1":"58079671ea6d00043b1efb7e7c15ecde87539917","sha256":"f97e4c3b4a47510476804d67a7e8c7c2b662d2a393a6167131c49486c7719c0b","sha512":"b27a5772629174d280e7d9e8e021da4fd85165335db87532f36146591b4e9681b7f2a4f4b111e7a113a0122c8bf55446df0c1ea69b14138a540835cc7acc8a11","ssdeep":"","tlshash":"9ce02b3f60001c0e15b2e03879c33f0657afab52819d2584a1e5426bdbcbbeac9c735a","first_seen":"2023-08-18T17:29:17Z","last_seen":"2024-09-19T22:38:57.2019Z","times_seen":162,"resource_available":false,"data":null}},"time_used":2233,"timings":{"blocked":995,"dns":42,"connect":106,"send":0,"wait":244,"receive":0,"ssl":844},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:06Z","timestamp":1715658846,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"172.18.0.17","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:06.900610+0000\",\"flow_id\":656592594692677,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":786,\"bytes_toclient\":670,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:06Z","timestamp":1715658846,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"172.18.0.17","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:06.900610+0000\",\"flow_id\":208906678594117,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":786,\"bytes_toclient\":670,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I","fqdn":"ww01.r34.xxx","domain":"r34.xxx","tld":"xxx"},"ip":{"addr":"199.191.50.153","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-14T03:54:05.267Z","timestamp":1715658845267,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ww01.r34.xxx","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 12 Mar 2024 00:00:00 GMT","end":"Mon, 10 Jun 2024 23:59:59 GMT"},"fingerprint":{"sha1":"B9:FA:26:4D:77:A8:63:7A:77:3F:17:DE:5D:83:36:A3:BB:67:3D:7F","sha256":"55:BE:11:ED:AA:77:03:2C:27:92:8B:CE:A7:E1:90:5A:CB:BA:F0:A0:A9:21:06:AD:86:29:AA:5E:21:33:09:2C"}}},"request":{"raw":"GET /?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I HTTP/1.1\r\nHost: ww01.r34.xxx\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ga_WQH4X42ES7=GS1.1.1715658844.1.0.1715658844.0.0.0; _ga=GA1.1.1975262091.1715658845\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 14 May 2024 03:54:05 GMT\r\nServer: Apache\r\nContent-Length: 300\r\nKeep-Alive: timeout=5, max=118\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":300,"size_decoded":300,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"dfca6c9521a05229a88b57be32312d30","sha1":"074cf063361923f7593e794848b9b7c6c2569069","sha256":"c13dbafe6761fe525bd139e82e4839283525db1755569646b19947a61cfefb80","sha512":"c89de43026636dc52ff02d69b42ff48f7ad67bccf49027ba632bede80027724de0b691c32dbded88ff539b9c182c30c2de7cfde705e2b5c01265976e2057c244","ssdeep":"","tlshash":"8ce02b3f60001d0e15b2b03879c33f074bafab52819d2584a1e5425b9bcbbeacdc735a","first_seen":"2023-08-17T15:53:07Z","last_seen":"2024-09-19T22:43:21.073913Z","times_seen":187,"resource_available":false,"data":null}},"time_used":2233,"timings":{"blocked":995,"dns":42,"connect":106,"send":0,"wait":244,"receive":0,"ssl":844},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:06Z","timestamp":1715658846,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"172.18.0.17","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:06.900610+0000\",\"flow_id\":656592594692677,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":786,\"bytes_toclient\":670,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:06Z","timestamp":1715658846,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"172.18.0.17","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:06.900610+0000\",\"flow_id\":208906678594117,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":786,\"bytes_toclient\":670,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww01.r34.xxx/favicon.ico","fqdn":"ww01.r34.xxx","domain":"r34.xxx","tld":"xxx"},"ip":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I","date":"2024-05-14T03:54:06.986Z","timestamp":1715658846986,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ww01.r34.xxx\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\r\nCookie: _ga_WQH4X42ES7=GS1.1.1715658844.1.0.1715658844.0.0.0; _ga=GA1.1.1975262091.1715658845\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 14 May 2024 03:54:05 GMT\r\nServer: Apache\r\nContent-Length: 10\r\nKeep-Alive: timeout=5, max=128\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":10,"size_decoded":10,"mime_type":"text/html; charset=iso-8859-1","magic":"ASCII text, with no line terminators","md5":"6608dd3e21ca3beabd4bdfa625a0b221","sha1":"e926d0f8694a4bc4013308afaca7af51e4c9fd9f","sha256":"c75eb01138771bfb2a5517aeae882356733782767c4560cc9601c34d2591ca75","sha512":"fb9a38c874cd26e779eaa5acfffccd3835620a41adbfe9b086c6a213bf0596f4f98823487f9c79b8f02f649b8b2e4d3232ffcb78106147b3ff671ed7809bbd51","ssdeep":"","tlshash":"f6500003000000003300000c000c0000c000c0000fcc0000300c000300300030000000","first_seen":"2023-04-05T09:28:17Z","last_seen":"2026-04-20T04:54:25.222755Z","times_seen":12383,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:07Z","timestamp":1715658847,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"172.18.0.17","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:07.081629+0000\",\"flow_id\":656592594692677,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":10},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1396,\"bytes_toclient\":988,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-14T03:54:07Z","timestamp":1715658847,"ip_dst":{"addr":"199.191.50.153","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"ip_src":{"addr":"172.18.0.17","port":36948,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET POLICY request to .xxx TLD","source":"{\"timestamp\":\"2024-05-14T03:54:07.081629+0000\",\"flow_id\":208906678594117,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":36948,\"dest_ip\":\"199.191.50.153\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2012694,\"rev\":6,\"signature\":\"ET POLICY request to .xxx TLD\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2011_04_20\"],\"updated_at\":[\"2020_09_15\"]}},\"http\":{\"hostname\":\"ww01.r34.xxx\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://ww01.r34.xxx/?dn=r34.xxx\u0026pbsubid=5c4f3a99-f695-44a9-8712-40c4962589eb\u0026pid=9POT3387I\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":10},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1396,\"bytes_toclient\":988,\"start\":\"2024-05-14T03:54:06.551493+0000\"}}"}],"analyzer":null,"urlquery":null}}]}