{"report_id":"bbbd0f58-5e69-44b2-939e-7c6c4700f2db","version":6,"status":"done","tags":[],"date":"2024-11-09T06:45:32Z","url":{"schema":"https","addr":"pxdoland.cc/register?i=070b08","fqdn":"pxdoland.cc","domain":"pxdoland.cc","tld":"cc"},"ip":{"addr":"192.64.119.110","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"mafiasex.cc/register","fqdn":"mafiasex.cc","domain":"mafiasex.cc","tld":"cc"},"title":"Club Penguin"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-01-18T06:45:32Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"mafiasex.cc","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-11-07","domain_rank":0,"first_seen":"2024-11-09T06:45:32.100997Z","last_seen":"2024-11-09T06:45:32.100997Z","alert_count":0,"request_count":5,"received_data":730361,"sent_data":2463,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img001.prntscr.com","ip":{"addr":"104.23.140.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2010-01-07","domain_rank":0,"first_seen":"2022-02-19T16:13:18Z","last_seen":"2024-10-29T11:51:38.394924Z","alert_count":0,"request_count":1,"received_data":712351,"sent_data":450,"comment":"","tags":null,"fingerprints":null},{"fqdn":"5kteens.cc","ip":{"addr":"104.21.86.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":68727,"sent_data":481,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pxdoland.cc","ip":{"addr":"192.64.119.110","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2024-11-02","domain_rank":0,"first_seen":"2024-11-04T02:30:05.414604Z","last_seen":"2024-11-04T02:30:05.414604Z","alert_count":2,"request_count":2,"received_data":550,"sent_data":661,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-09T06:45:20Z","timestamp":1731134720,"ip_dst":{"addr":"172.18.0.22","port":50918,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.64.119.110","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2024-11-09T06:45:20.887894+0000\",\"flow_id\":232463040700835,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.64.119.110\",\"src_port\":80,\"dest_ip\":\"172.18.0.22\",\"dest_port\":50918,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"pxdoland.cc\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://mafiasex.cc\",\"length\":42},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":42,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":602,\"bytes_toclient\":549,\"start\":\"2024-11-09T06:45:10.516515+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-09T06:45:22Z","timestamp":1731134722,"ip_dst":{"addr":"172.18.0.22","port":50924,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.64.119.110","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2024-11-09T06:45:22.064104+0000\",\"flow_id\":114467404222084,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.64.119.110\",\"src_port\":80,\"dest_ip\":\"172.18.0.22\",\"dest_port\":50924,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"pxdoland.cc\",\"url\":\"/register?i=070b08\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://mafiasex.cc\",\"length\":42},\"files\":[{\"filename\":\"/register\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":42,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":739,\"bytes_toclient\":549,\"start\":\"2024-11-09T06:45:11.626308+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mafiasex.cc/js/main.js","fqdn":"mafiasex.cc","domain":"mafiasex.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"a1971a6c07e39f40fbde1483f94784fc","sha1":"13fda9ab796fe89a794a90ab1adc6d1deb7ae676","sha256":"8c1240d51d230d03a79084e15653631a19e636a66c0f41b61d3c50a66587ea91","sha512":"1621fd0b85786e18c71b8bdd349da1ec01e3d0a11a5c93223558bec7a2bd5c5dff0770d72df6ac5b20fbea64ae3a5f8031873860d182da609d81939193af96d1","ssdeep":"","tlshash":"f051eea93ada30740a97516f2c83d28054b0b46bf511564a3f2ccc50c3e6d88a6b6ee4","size":2893,"data":"","first_seen":"2024-11-09T06:45:36.027615Z","last_seen":"2024-11-13T00:51:42.250092Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mafiasex.cc/register","fqdn":"mafiasex.cc","domain":"mafiasex.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"a4f03095c568bcb18a0fb27d2b75f8e83a7434c5d04169073c0c4d6dd39032da3b9a90","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T13:47:07.33171Z","times_seen":13377129,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"pxdoland.cc/","fqdn":"pxdoland.cc","domain":"pxdoland.cc","tld":"cc"},"ip":{"addr":"192.64.119.110","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-11-09T06:45:10.770808797Z","timestamp":1731134710770,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: pxdoland.cc\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Sat, 09 Nov 2024 06:45:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 42\r\nConnection: keep-alive\r\nLocation: https://mafiasex.cc\r\nX-Served-By: Namecheap URL Forward\r\nServer: namecheap-nginx\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":42,"size_decoded":42,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"321846953e891c23f81cabca61966d21","sha1":"d10d1400832c1b339b99e974c10ffc6eca01b2df","sha256":"bbfcc99a46347fbe72fb04c2bbba2d72c550e3f60aed069e1c0142987728c02b","sha512":"742713274014bdedd90b946cd9a04cb00cc78c40866db58a2671e5adf87bdade9cbf4214a7866d0908c11fc797364792bd9a0be21b22f76289643726995a4c9d","ssdeep":"","tlshash":"049002560de9200906110264d806280d984715957490510054a60c0264001714166246","first_seen":"2024-11-09T06:45:36.016286Z","last_seen":"2025-01-19T00:15:26.802303Z","times_seen":5,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-09T06:45:20Z","timestamp":1731134720,"ip_dst":{"addr":"172.18.0.22","port":50918,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.64.119.110","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2024-11-09T06:45:20.887894+0000\",\"flow_id\":232463040700835,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.64.119.110\",\"src_port\":80,\"dest_ip\":\"172.18.0.22\",\"dest_port\":50918,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"pxdoland.cc\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://mafiasex.cc\",\"length\":42},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":42,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":602,\"bytes_toclient\":549,\"start\":\"2024-11-09T06:45:10.516515+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mafiasex.cc/","fqdn":"mafiasex.cc","domain":"mafiasex.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-09T06:45:11.861Z","timestamp":1731134711861,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mafiasex.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 Nov 2024 17:09:52 GMT","end":"Wed, 05 Feb 2025 17:09:51 GMT"},"fingerprint":{"sha1":"A2:86:CB:0F:44:8D:C9:ED:A2:B0:C4:2D:3F:E4:7A:44:97:45:C8:F7","sha256":"B6:F9:17:E0:22:44:89:90:B1:32:73:5B:06:02:8A:EA:C9:4D:95:FE:93:CB:72:E3:94:83:0D:10:2B:C5:A3:E3"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mafiasex.cc\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Sat, 09 Nov 2024 06:45:11 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 43\r\nx-powered-by: Express\r\nlocation: /register\r\nvary: Accept\r\nset-cookie: connect.sid=s%3Anga0mPv7b0iZvyGIWopNjbFt24a_pQUu.SST7AXVSe1xhVnVllIyXG1Ca5EHu%2Bk5ngmcORjcS9Ys; Path=/; HttpOnly\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=pTSW9Uh%2Bip%2BhZBhqpAqggNetJnXKzDrup7rOP5CkIMTtw9Nnza0YhHtmqHhmfykXrxN%2BLGONc9uGoNcYC8wFUgOCMFafRKrAA8HZ788cC2xcWSorQBQoDtv%2BqkkutA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8dfbd6a73997b4f3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=31676\u0026sent=8\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3275\u0026recv_bytes=1145\u0026delivery_rate=247113\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=230453d84de81820\u0026ts=384\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":43,"size_decoded":43,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"55522fdc37f6dca7385b20332322e842","sha1":"cae00cb10d2e6ce6b7122cbbbaa6d230bdd3e3a8","sha256":"3399c8130bc08a1f67dd11f6e2c28c0a1f77ae9a35ad0c45b6f6ca6685d60e21","sha512":"8f170f951a8eaf8dfbb8239a6ff80bb0c7f4327921d62eed508d40481b39b11a2906aa87f06e8ffcca841746849ec7e2e747f41e8ae8c1a2ad2a5af86b85f69b","ssdeep":"","tlshash":"b990044cd74050f715d7371cdc400334d75d4014570c0117453043c454030535d310c3","first_seen":"2024-07-30T13:46:52Z","last_seen":"2024-12-13T04:28:12.067767Z","times_seen":79,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":53,"dns":1,"connect":17,"send":0,"wait":203,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"pxdoland.cc/register?i=070b08","fqdn":"pxdoland.cc","domain":"pxdoland.cc","tld":"cc"},"ip":{"addr":"192.64.119.110","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-09T06:45:11.628Z","timestamp":1731134711628,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /register?i=070b08 HTTP/1.1\r\nHost: pxdoland.cc\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Sat, 09 Nov 2024 06:45:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 42\r\nConnection: keep-alive\r\nLocation: https://mafiasex.cc\r\nX-Served-By: Namecheap URL Forward\r\nServer: namecheap-nginx\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":42,"size_decoded":42,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"321846953e891c23f81cabca61966d21","sha1":"d10d1400832c1b339b99e974c10ffc6eca01b2df","sha256":"bbfcc99a46347fbe72fb04c2bbba2d72c550e3f60aed069e1c0142987728c02b","sha512":"742713274014bdedd90b946cd9a04cb00cc78c40866db58a2671e5adf87bdade9cbf4214a7866d0908c11fc797364792bd9a0be21b22f76289643726995a4c9d","ssdeep":"","tlshash":"049002560de9200906110264d806280d984715957490510054a60c0264001714166246","first_seen":"2024-11-09T06:45:36.016286Z","last_seen":"2025-01-19T00:15:26.802303Z","times_seen":5,"resource_available":false,"data":null}},"time_used":343,"timings":{"blocked":113,"dns":1,"connect":115,"send":0,"wait":113,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-09T06:45:22Z","timestamp":1731134722,"ip_dst":{"addr":"172.18.0.22","port":50924,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.64.119.110","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2024-11-09T06:45:22.064104+0000\",\"flow_id\":114467404222084,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.64.119.110\",\"src_port\":80,\"dest_ip\":\"172.18.0.22\",\"dest_port\":50924,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"pxdoland.cc\",\"url\":\"/register?i=070b08\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://mafiasex.cc\",\"length\":42},\"files\":[{\"filename\":\"/register\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":42,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":739,\"bytes_toclient\":549,\"start\":\"2024-11-09T06:45:11.626308+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mafiasex.cc/css/main.css","fqdn":"mafiasex.cc","domain":"mafiasex.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mafiasex.cc/register","date":"2024-11-09T06:45:12.527Z","timestamp":1731134712527,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mafiasex.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 Nov 2024 17:09:52 GMT","end":"Wed, 05 Feb 2025 17:09:51 GMT"},"fingerprint":{"sha1":"A2:86:CB:0F:44:8D:C9:ED:A2:B0:C4:2D:3F:E4:7A:44:97:45:C8:F7","sha256":"B6:F9:17:E0:22:44:89:90:B1:32:73:5B:06:02:8A:EA:C9:4D:95:FE:93:CB:72:E3:94:83:0D:10:2B:C5:A3:E3"}}},"request":{"raw":"GET /css/main.css HTTP/1.1\r\nHost: mafiasex.cc\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mafiasex.cc/register\r\nCookie: connect.sid=s%3AOEsXW_wP6IP2TYlz_Ha3SnS16LoyaVEg.V4V6cqnaEzz28LE7NxkRngmMAcPqeCjxTcZN4b%2Bg47A\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 09 Nov 2024 06:45:12 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nx-powered-by: Express\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 25 Oct 2024 08:49:40 GMT\r\netag: W/\"587e-192c2ddfc40\"\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=8IzQvdXvpkg%2BdzwNt0U9eZ3b6VNwbira%2B5rHkuxbqUaULvQqkmM78jItETID%2F97%2B9Wuy8KQfZcYjH9WzzDNJFDAJ38yyQwUDETCloxhj%2F%2BNNuRX1%2Fade7oxnYji6Wg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8dfbd6b14c70b511-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=21299\u0026sent=14\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=5731\u0026recv_bytes=1519\u0026delivery_rate=2297\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=ffa6dd8885a31d36\u0026ts=862\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":716273,"size_decoded":22654,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"a77425c2d0ec997e4e3e8c7be183a86a","sha1":"f851e3c0bacfd526a594b31f2a0e0f708a291621","sha256":"ce72d06429bf9205c3580ac93691130a4c6f25c0e652de035a3a135768dc379f","sha512":"c3730cf293132f6083de08977d38090a622408099c36fa01519e27f1f5368436efa9ec11c20faad99e22b23237586ab320665d73fb65b6b632b104f567c677a9","ssdeep":"384:cO9UO29OUn/DOflTMgvfXKCw0OIer5nWJqxmEt:cO9UT/QOFRZxmEt","tlshash":"50a21014ce101146b237d92c6bf28658ea6d6093ce061bbd7f98a394cffa558d361f88","first_seen":"2024-10-31T15:57:25.239012Z","last_seen":"2024-11-17T05:17:56.068697Z","times_seen":6,"resource_available":false,"data":null}},"time_used":478,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":478,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mafiasex.cc/favicon.ico","fqdn":"mafiasex.cc","domain":"mafiasex.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mafiasex.cc/register","date":"2024-11-09T06:45:13.226Z","timestamp":1731134713226,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mafiasex.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 Nov 2024 17:09:52 GMT","end":"Wed, 05 Feb 2025 17:09:51 GMT"},"fingerprint":{"sha1":"A2:86:CB:0F:44:8D:C9:ED:A2:B0:C4:2D:3F:E4:7A:44:97:45:C8:F7","sha256":"B6:F9:17:E0:22:44:89:90:B1:32:73:5B:06:02:8A:EA:C9:4D:95:FE:93:CB:72:E3:94:83:0D:10:2B:C5:A3:E3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mafiasex.cc\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mafiasex.cc/register\r\nCookie: connect.sid=s%3AOEsXW_wP6IP2TYlz_Ha3SnS16LoyaVEg.V4V6cqnaEzz28LE7NxkRngmMAcPqeCjxTcZN4b%2Bg47A\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 301 Moved Permanently\r\ndate: Sat, 09 Nov 2024 06:45:13 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 43\r\nx-powered-by: Express\r\nlocation: /register\r\nvary: Accept, Accept-Encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=b8R8I96nVnR1B1gkPCkN3cn1FawoJdAN%2BfcRhJrb9jgpNOWpmOqxHXtEMstTEB4%2BBHGHhv3gGjZjo9%2F6Otkx7J78nGH37tu47Q3xQNnmTfOmc85umep1KLYlUtbF7w%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8dfbd6b5a8e8b511-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=20849\u0026sent=20\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=11310\u0026recv_bytes=1910\u0026delivery_rate=313636\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=ffa6dd8885a31d36\u0026ts=1441\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":43,"size_decoded":43,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"55522fdc37f6dca7385b20332322e842","sha1":"cae00cb10d2e6ce6b7122cbbbaa6d230bdd3e3a8","sha256":"3399c8130bc08a1f67dd11f6e2c28c0a1f77ae9a35ad0c45b6f6ca6685d60e21","sha512":"8f170f951a8eaf8dfbb8239a6ff80bb0c7f4327921d62eed508d40481b39b11a2906aa87f06e8ffcca841746849ec7e2e747f41e8ae8c1a2ad2a5af86b85f69b","ssdeep":"","tlshash":"b990044cd74050f715d7371cdc400334d75d4014570c0117453043c454030535d310c3","first_seen":"2024-07-30T13:46:52Z","last_seen":"2024-12-13T04:28:12.067767Z","times_seen":79,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":361,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mafiasex.cc/register","fqdn":"mafiasex.cc","domain":"mafiasex.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-09T06:45:12.123Z","timestamp":1731134712123,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mafiasex.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 Nov 2024 17:09:52 GMT","end":"Wed, 05 Feb 2025 17:09:51 GMT"},"fingerprint":{"sha1":"A2:86:CB:0F:44:8D:C9:ED:A2:B0:C4:2D:3F:E4:7A:44:97:45:C8:F7","sha256":"B6:F9:17:E0:22:44:89:90:B1:32:73:5B:06:02:8A:EA:C9:4D:95:FE:93:CB:72:E3:94:83:0D:10:2B:C5:A3:E3"}}},"request":{"raw":"GET /register HTTP/1.1\r\nHost: mafiasex.cc\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mafiasex.cc/register\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3AOEsXW_wP6IP2TYlz_Ha3SnS16LoyaVEg.V4V6cqnaEzz28LE7NxkRngmMAcPqeCjxTcZN4b%2Bg47A\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 09 Nov 2024 06:45:13 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-powered-by: Express\r\ncf-cache-status: DYNAMIC\r\npriority: u=6,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=sYHRJN9EWkwh0FzDUIZSY2www%2FiLer%2BTo9mxf9vdrueaAspK7W7IfGCVdBCq7EV9nFNriRtkqMZIyn43fJ6FxsQgNet8o25a9Vf3Ikg10zkNWoZfJMmxNFmET41bWg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8dfbd6b80ad9b511-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=21341\u0026sent=22\u0026recv=12\u0026lost=0\u0026retrans=0\u0026sent_bytes=12073\u0026recv_bytes=2299\u0026delivery_rate=1933\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=ffa6dd8885a31d36\u0026ts=1666\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6551,"size_decoded":5079,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"364f768e10a94071ca0710c973cc157c","sha1":"465e32a1e0927d425368dbf0bdee2677dce2f772","sha256":"7183afb22793a71c800519d395e74b65709f7a2ae26f237eed65313b537ec818","sha512":"6cf7c981c2617761715046a00afd4221b734efc619e1c819bc8f82c20363a111019151ccc45fff53e2ca2cbdd8cca34570f42d5e5d8eecd4738e0e57857bc4e5","ssdeep":"96:6n8PoCEWLKAcR2jFL8sRvxAYfLDPETauZM:6nUoCT2ML8sRvxAmLLETTM","tlshash":"c8a1dce2c5c01c266232c2681e91f558feb1c1c3d34a2d4175dc2e8b1ff3e9486a3626","first_seen":"2024-11-09T06:45:36.020801Z","last_seen":"2024-11-09T06:45:36.020801Z","times_seen":1,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img001.prntscr.com/file/img001/UI_ecKNDQ4WvDgKGGmZNTA.png","fqdn":"img001.prntscr.com","domain":"prntscr.com","tld":"com"},"ip":{"addr":"104.23.140.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mafiasex.cc/register","date":"2024-11-09T06:45:13.016Z","timestamp":1731134713016,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prntscr.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 24 Sep 2024 23:26:49 GMT","end":"Mon, 23 Dec 2024 23:26:48 GMT"},"fingerprint":{"sha1":"A9:D0:1A:5D:A2:44:81:D1:15:41:D5:4D:03:A8:0C:A7:D2:85:72:37","sha256":"B2:A3:B9:1C:62:5E:EA:2D:09:48:D9:18:8B:1E:F1:78:94:6E:59:56:61:37:F7:FF:51:F6:D7:B2:B8:60:58:1E"}}},"request":{"raw":"GET /file/img001/UI_ecKNDQ4WvDgKGGmZNTA.png HTTP/1.1\r\nHost: img001.prntscr.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mafiasex.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 09 Nov 2024 06:45:13 GMT\r\ncontent-type: image/webp\r\ncontent-length: 711556\r\ncache-control: max-age=31536000\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=1998490\r\ncontent-disposition: inline; filename=\"UI_ecKNDQ4WvDgKGGmZNTA.webp\"\r\nstrict-transport-security: max-age=63072000\r\nvary: Accept\r\nx-bz-upload-timestamp: 1729830571187\r\nx-bz-content-sha1: 9ff1a48d6916e93e54af8c1558da7f98f2662643\r\nx-bz-file-id: 4_z51bcbe33c7b20fe37efb0b11_f11423f1338c41976_d20241025_m042931_c004_v0402016_t0048_u01729830571187\r\nx-bz-file-name: UI_ecKNDQ4WvDgKGGmZNTA.png\r\nlast-modified: Fri, 25 Oct 2024 04:29:35 GMT\r\ncf-cache-status: HIT\r\nage: 1231698\r\naccept-ranges: bytes\r\nserver: cloudflare\r\ncf-ray: 8dfbd6b4dc350b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":711556,"size_decoded":711556,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1e9dbd836c8d2ec0aefbb56982cd1617","sha1":"0ee7d79bb472fd95313802f993ed48a59b325e43","sha256":"a500e9e930cbb1774654d71f0aa53f0755bc430228f65879b05f212218ba62e9","sha512":"7e049f907f6c87a19ee8fb82dafcade3307aba3c0500e1ee3cdc8aab64a59c76b5e03c5bcfd2dbfca87a4f806263f5e1bad6b688111c7ae10b23e4f4d543c1a8","ssdeep":"12288:FZc01VC9PPGImMpKHZwbZyoHTaS1y+61yoe022PXBabuhJxj:hCtu2pKHwyozRZf022PxLh","tlshash":"dee4234054fdac1916af1de9b355b4170098ca2e8666f7c41eaddcff22788cf5190e8e","first_seen":"2024-10-28T00:54:10.659737Z","last_seen":"2024-12-13T06:38:49.389239Z","times_seen":15,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":76,"dns":22,"connect":17,"send":0,"wait":32,"receive":82,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mafiasex.cc/js/main.js","fqdn":"mafiasex.cc","domain":"mafiasex.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mafiasex.cc/register","date":"2024-11-09T06:45:12.529Z","timestamp":1731134712529,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mafiasex.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 Nov 2024 17:09:52 GMT","end":"Wed, 05 Feb 2025 17:09:51 GMT"},"fingerprint":{"sha1":"A2:86:CB:0F:44:8D:C9:ED:A2:B0:C4:2D:3F:E4:7A:44:97:45:C8:F7","sha256":"B6:F9:17:E0:22:44:89:90:B1:32:73:5B:06:02:8A:EA:C9:4D:95:FE:93:CB:72:E3:94:83:0D:10:2B:C5:A3:E3"}}},"request":{"raw":"GET /js/main.js HTTP/1.1\r\nHost: mafiasex.cc\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mafiasex.cc/register\r\nCookie: connect.sid=s%3AOEsXW_wP6IP2TYlz_Ha3SnS16LoyaVEg.V4V6cqnaEzz28LE7NxkRngmMAcPqeCjxTcZN4b%2Bg47A\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 09 Nov 2024 06:45:12 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nx-powered-by: Express\r\ncache-control: public, max-age=14400\r\nlast-modified: Sat, 09 Nov 2024 00:54:58 GMT\r\netag: W/\"b4d-1930e6ac33a\"\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=88RYlCUdoGEAndIBqnGqsO39lY5uEzugze0KooUj1sVr0uA1vAqHuFRlaZkySp2MnjhiqbGdNDEbRjZWBtY8RTT5PMvlSvOS1SoLw3ipoZmxDKIqbP60WyVXFcsv1g%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8dfbd6b15c78b511-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=21832\u0026sent=12\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=4069\u0026recv_bytes=1476\u0026delivery_rate=24461\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=ffa6dd8885a31d36\u0026ts=762\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2893,"size_decoded":2893,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (3065), with no line terminators","md5":"0987f9bb6a1e823812f2d5d37a8cf39c","sha1":"86abba38b53ec0720f72c449335316bdb71d03cc","sha256":"816c5b4ed5b826f3b23df9c8a29108ec0ea8e64849c9a9677833751d8804da27","sha512":"bfc811392da4c0aadf866b8ec9153f6b5c09627e30c23f582897d3490db11c1375c648102d7f4c4e7c15d7d3e5be7805fa835e1c7217a7ffef8f3336584d266a","ssdeep":"","tlshash":"a451ffa93ada30740e97516f2c83d38054b0b46bf511564a3f2ccc50c3e6dcca6b6ee4","first_seen":"2024-11-09T06:45:36.024372Z","last_seen":"2024-11-09T06:45:36.024372Z","times_seen":1,"resource_available":false,"data":null}},"time_used":375,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":375,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"5kteens.cc/free/intro.mp4","fqdn":"5kteens.cc","domain":"5kteens.cc","tld":"cc"},"ip":{"addr":"104.21.86.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://mafiasex.cc/register","date":"2024-11-09T06:45:12.595Z","timestamp":1731134712595,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5kteens.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 Nov 2024 17:04:02 GMT","end":"Wed, 05 Feb 2025 17:04:01 GMT"},"fingerprint":{"sha1":"17:FE:68:C5:91:E6:19:E7:A3:F7:2E:9A:E7:82:14:77:81:EE:8A:66","sha256":"1A:C9:11:9D:AD:B6:DC:A2:CF:32:24:B0:D8:0D:CC:73:00:21:85:09:99:58:D3:BE:C5:8C:5F:30:FD:77:17:5D"}}},"request":{"raw":"GET /free/intro.mp4 HTTP/1.1\r\nHost: 5kteens.cc\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mafiasex.cc/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Sat, 09 Nov 2024 06:45:13 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 7432455\r\nx-powered-by: Express\r\ncache-control: public, max-age=14400\r\nlast-modified: Wed, 06 Nov 2024 00:15:17 GMT\r\netag: W/\"716907-192fed35aa4\"\r\ncf-cache-status: EXPIRED\r\ncontent-range: bytes 0-7432454/7432455\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=C6OwJwGms2jT7syjV5yrtY6B3G5V9GuehKAhdz2s5xruvyYFtPgz9EvVBvPEXtqid202fuRr6PEpMoW095ZkCHARr69oo91M8ENVloO%2FnE3CmCyRPo%2B%2FFtzQkkYt\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8dfbd6b27a727129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=28869\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3269\u0026recv_bytes=1235\u0026delivery_rate=210761\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=df96a496304673db\u0026ts=426\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":67779,"size_decoded":67779,"mime_type":"video/quicktime","magic":"ISO Media, Apple QuickTime movie, Apple QuickTime (.MOV/QT)","md5":"221767d5b4e16a0994bed107b195fca6","sha1":"44fd4d79e8c38f14a811b88bee99d6906e2fa63f","sha256":"d915d067566075eb4e10054ad93dbd696c5353ee22823ae735c8b7af0e2f9654","sha512":"2d271a9e4ee5d670711d0f23f2ca7e30eb519a2a6981a6159f0aa482a5fb5e6e847d99384aeb86b7707bfd357e62226c7691075d92bbff974f19645c39f135bb","ssdeep":"1536:uehsKrC3QYOK9WzFnNeAzE2MK9teEQqKswVVpd2S8E6HVDh:fsKrYQdjpNeyE2H9teTpVuST6HVDh","tlshash":"6b63010be290e5cce5b2c73d5f31e03db35d661a970d9d24906342db8b2d228d6eec15","first_seen":"2024-11-09T06:45:36.026036Z","last_seen":"2024-11-09T06:45:36.026036Z","times_seen":1,"resource_available":false,"data":null}},"time_used":736,"timings":{"blocked":113,"dns":49,"connect":25,"send":0,"wait":409,"receive":101,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}