{"report_id":"e9e3cdb5-dc75-4fc3-af41-39f966db2146","version":6,"status":"done","tags":["netflix","phishing"],"date":"2026-05-20T12:58:34Z","url":{"schema":"http","addr":"prime-memebrship.su","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":0,"asn":0,"as":"","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"prime-memebrship.su/checking","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"title":"Netflix","dom":{"size":16415,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (14899)","md5":"45a4458a39440bc9b906772f60bc16eb","sha1":"05227c38a12df413f91a01a35dbe3699575e12f3","sha256":"05bbc932d592115bfc6d46259997f613a18b0a2aeb105eeafbf425170673062d","sha512":"24cd7142b73ce4315393b103ed27a249d9e97779ae679a883653472ca0e150e428012fe102df345fc366834ec86814d71d213432e365f5d66d6151c110bf6e66","ssdeep":"192:pXzUgpOxWp35nTtXC2s1Bpu0qN4QOigg/JpcXTTruLxksc64JyhOq7vmnt:tzOx05nrGPKJgg8T4xksc64Jysq7vI","tlshash":"f9723584b41c12785d3fab01dec8973cd125b4426f624866b10e088ee9d7ff639e5f96","dom_hash":"domhasheee18251a2462b0eab148e7d87660097","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"prime-memebrship.su","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":0,"asn":0,"as":"","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-24T12:58:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-20","alert":"Phishing Block","trigger":"prime-memebrship.su","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]},"summary":[{"fqdn":"prime-memebrship.su","ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"domain_registered":"2026-04-22","domain_rank":0,"first_seen":"2026-05-20T12:58:36.589219Z","last_seen":"2026-05-20T12:58:36.58922Z","alert_count":48,"request_count":8,"received_data":1476289,"sent_data":3818,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.cdnfonts.com","ip":{"addr":"104.21.72.124","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-10-03","domain_rank":50661,"first_seen":"2020-06-10T09:02:17Z","last_seen":"2026-05-14T09:28:38.762584Z","alert_count":0,"request_count":1,"received_data":12060,"sent_data":407,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-17T22:21:01.756487Z","alert_count":0,"request_count":1,"received_data":22015,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"prime-memebrship.su/assets/index-DfqLmgj8.js","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"208cafc43bd38e596faeb95d82efac0c","sha1":"398821e4b49d662f7191657e6867f914a2f2b060","sha256":"71154dad7caf81424d9201fd0aa89d65eceae67a50d6791e39eb1053d9d0f33c","sha512":"6d7d0319633f0fa5cfd6a9890decc63311e0f00f7573db7e029e58de2b06738d181f2386fcb1239b06119fd94c3ddd790c23ab7be53dad395be58b5b0b6a38ca","ssdeep":"24576:ubp/LhtwLrXbX1AHxXu9nIBpoDsjHBoU3+knALD2ze8jSXkRbdeoQ2YACpBdefE8:uN/LhtwLrXbX1AHxXu9nIBpoDsjh33+I","tlshash":"50458cc87195b56d9be741d0507f1005b13a2a64f40d8490f17ce8ea2af498ab27bffd","size":1216122,"data":"","first_seen":"2026-05-20T12:58:40.53765Z","last_seen":"2026-05-20T12:58:40.53765Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"prime-memebrship.su/api/languages/public","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://prime-memebrship.su/","date":"2026-05-20T12:58:13.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prime-memebrship.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 May 2026 16:02:53 GMT","end":"Thu, 30 Jul 2026 16:02:52 GMT"},"fingerprint":{"sha1":"23:B6:F0:FF:43:C9:44:7D:D8:4B:C2:7A:54:4C:BD:2E:CC:45:97:31","sha256":"EB:45:58:09:E6:4D:3D:38:79:99:4D:AB:0F:BD:EA:61:35:9A:11:5D:14:5D:4D:FC:CA:A6:91:F3:5C:EA:4B:FB"}}},"request":{"raw":"GET /api/languages/public HTTP/1.1\r\nHost: prime-memebrship.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://prime-memebrship.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 20 May 2026 12:58:13 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-powered-by: Express\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-credentials: true\r\netag: W/\"1f-fCet4LyQthT/tJmUdudM0Ic/z/c\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-permitted-cross-domain-policies: master-only\r\nreferrer-policy: same-origin\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"9b76efeaafe592ae4b18cf49fb1d2983","sha1":"7c27ade0bc90b614ffb4999476e74cd0873fcff7","sha256":"54346d61a71a28655ff25ae12de87df5d5be3d546b77cdbfbb6c91f6041b724f","sha512":"75cd80ca72bba6af5e9f4fcfa32a2854cc872f04abc8ecbbbf6a689504cf765fbb5215e29ee74764f3ce729983ae6f2b9eeb1ce11a626d9fb21c745716c3a040","ssdeep":"","tlshash":"5d800002000008ebe200220020b8bf02a8a8002382002c0aa38c22ccaaa220220c308b","first_seen":"2026-05-17T13:40:56.631577Z","last_seen":"2026-05-20T12:58:40.51058Z","times_seen":2,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-20","alert":"Phishing Block","trigger":"prime-memebrship.su","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"prime-memebrship.su/api/clients/UdNx2cEAq6sZK","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://prime-memebrship.su/","date":"2026-05-20T12:58:13.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prime-memebrship.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 May 2026 16:02:53 GMT","end":"Thu, 30 Jul 2026 16:02:52 GMT"},"fingerprint":{"sha1":"23:B6:F0:FF:43:C9:44:7D:D8:4B:C2:7A:54:4C:BD:2E:CC:45:97:31","sha256":"EB:45:58:09:E6:4D:3D:38:79:99:4D:AB:0F:BD:EA:61:35:9A:11:5D:14:5D:4D:FC:CA:A6:91:F3:5C:EA:4B:FB"}}},"request":{"raw":"GET /api/clients/UdNx2cEAq6sZK HTTP/1.1\r\nHost: prime-memebrship.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://prime-memebrship.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 20 May 2026 12:58:14 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-powered-by: Express\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-credentials: true\r\netag: W/\"371-S0zkWNAtjmo1s+jubhWG5UrO5GI\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-permitted-cross-domain-policies: master-only\r\nreferrer-policy: same-origin\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":881,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"27bee5ca81cc32708bd83e349a926bb7","sha1":"4b4ce458d02d8e6a35b3e8ee6e1586e54acee462","sha256":"bddd586996c885dce9cca339643342153db6fe64c14ff13d2dc6cf3ffa8a4bd2","sha512":"051c5c7dbcc1b91ffa10f7d0cfb86ee3c26b7552ad8e07488aa750b007b8fd738e9d96a0a2ffef9a48e5ec8b3b09ddde547cb751f10bcff7ce8e435212a8745a","ssdeep":"","tlshash":"2311cc6d00686db8de2643084109be4967fc121391c29d94cacd9e1caae87fe701b9ab","first_seen":"2026-05-20T12:58:40.515176Z","last_seen":"2026-05-20T12:58:40.515176Z","times_seen":1,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-20","alert":"Phishing Block","trigger":"prime-memebrship.su","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"prime-memebrship.su/favicon.ico","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://prime-memebrship.su/","date":"2026-05-20T12:58:13.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prime-memebrship.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 May 2026 16:02:53 GMT","end":"Thu, 30 Jul 2026 16:02:52 GMT"},"fingerprint":{"sha1":"23:B6:F0:FF:43:C9:44:7D:D8:4B:C2:7A:54:4C:BD:2E:CC:45:97:31","sha256":"EB:45:58:09:E6:4D:3D:38:79:99:4D:AB:0F:BD:EA:61:35:9A:11:5D:14:5D:4D:FC:CA:A6:91:F3:5C:EA:4B:FB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: prime-memebrship.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://prime-memebrship.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 20 May 2026 12:58:13 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 9854\r\nx-powered-by: Express\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 19 May 2026 20:00:40 GMT\r\netag: W/\"267e-19e41d37e40\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-permitted-cross-domain-policies: master-only\r\nreferrer-policy: same-origin\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":9854,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"58f54d9ea15176671802bebeee4da4cb","sha1":"4ba1cb97814772435962f3ac25af0def81851735","sha256":"9c5f7722c5df8eb24dda20ecc01c9f73e3103e10052fd980da4e7d9f753a97d3","sha512":"32e6c1ac6220b03bafb9215e4db4cf91352573c34a82accc893b4c7d4d3194d495e241c2f814372930a988688492926fe1d9a5576d2e46378c9f6d1e927c71db","ssdeep":"48:5uZhmwr2VEbaA+8H3J7HZqH0S/DHDHp8HfH5gAaqHwMqHBVqH/6BqHAtvqHAAcqK:shm0AN6YHEOFtwVPmyqPmorAtAco","tlshash":"8a12a02710c35d6cfe016eb8d297ec3a517d40ddeefe82e79a81bd390612146a5cb8e4","first_seen":"2023-09-08T13:51:14Z","last_seen":"2026-05-20T16:24:41.112376Z","times_seen":2067,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":62,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-20","alert":"Phishing Block","trigger":"prime-memebrship.su","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"prime-memebrship.su/api/antibot/score","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://prime-memebrship.su/","date":"2026-05-20T12:58:16.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prime-memebrship.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 May 2026 16:02:53 GMT","end":"Thu, 30 Jul 2026 16:02:52 GMT"},"fingerprint":{"sha1":"23:B6:F0:FF:43:C9:44:7D:D8:4B:C2:7A:54:4C:BD:2E:CC:45:97:31","sha256":"EB:45:58:09:E6:4D:3D:38:79:99:4D:AB:0F:BD:EA:61:35:9A:11:5D:14:5D:4D:FC:CA:A6:91:F3:5C:EA:4B:FB"}}},"request":{"raw":"POST /api/antibot/score HTTP/1.1\r\nHost: prime-memebrship.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://prime-memebrship.su/\r\nContent-Type: application/json\r\nContent-Length: 627\r\nOrigin: https://prime-memebrship.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":627,"data":"{\"uid\":\"UdNx2cEAq6sZK\",\"fingerprint\":{\"webdriver\":false,\"pluginCount\":5,\"languages\":[\"en-US\",\"en\"],\"screenWidth\":1280,\"screenHeight\":1024,\"colorDepth\":24,\"pixelRatio\":1,\"windowWidth\":1280,\"windowHeight\":1024,\"touchMismatch\":false,\"timezoneOffset\":0,\"timezone\":\"UTC\",\"webglRenderer\":\"llvmpipe\",\"webglVendor\":\"Mesa\",\"headlessRenderer\":true,\"canvasBlank\":false,\"missingAPIs\":0,\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\"},\"behavior\":{\"mouseMoveCount\":0,\"mouseDistancePx\":0,\"clickCount\":0,\"scrollCount\":0,\"keyCount\":0,\"timeToFirstInteractionMs\":null,\"observationDurationMs\":2500}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 20 May 2026 12:58:16 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-powered-by: Express\r\naccess-control-allow-origin: https://prime-memebrship.su\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-credentials: true\r\netag: W/\"1c-lwiUvONjtWnm0oI+A4f8mgORXRk\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-permitted-cross-domain-policies: master-only\r\nreferrer-policy: same-origin\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"fcb2a7c8ee5b43d0b0f20309d278c415","sha1":"970894bce363b569e6d2823e0387fc9a03915d19","sha256":"b98d4496513962d2a32e3a0fe3e8683cc625ccc53cbe56d583cdfdac7572fe2b","sha512":"5a9671c513371d8a02654ef33e1feae431a3f8e7d38d39d22ce55e40c4c1913e83bb3696d56fca83d94ed74c9c20764fd9150633f30ab9d1b8e1d606bd8f0018","ssdeep":"","tlshash":"a780002000c3b2a0820280b322000c022b28080000000200fcca203e00e8808208002a","first_seen":"2026-05-20T12:58:40.520833Z","last_seen":"2026-05-20T12:58:40.520833Z","times_seen":1,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-20","alert":"Phishing Block","trigger":"prime-memebrship.su","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"prime-memebrship.su/assets/geist-latin-wght-normal-Dm3htQBi.woff2","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://prime-memebrship.su/","date":"2026-05-20T12:58:16.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prime-memebrship.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 May 2026 16:02:53 GMT","end":"Thu, 30 Jul 2026 16:02:52 GMT"},"fingerprint":{"sha1":"23:B6:F0:FF:43:C9:44:7D:D8:4B:C2:7A:54:4C:BD:2E:CC:45:97:31","sha256":"EB:45:58:09:E6:4D:3D:38:79:99:4D:AB:0F:BD:EA:61:35:9A:11:5D:14:5D:4D:FC:CA:A6:91:F3:5C:EA:4B:FB"}}},"request":{"raw":"GET /assets/geist-latin-wght-normal-Dm3htQBi.woff2 HTTP/1.1\r\nHost: prime-memebrship.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://prime-memebrship.su/assets/index-BGrKAQhJ.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 20 May 2026 12:58:16 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 28400\r\nlast-modified: Tue, 19 May 2026 20:00:40 GMT\r\nvary: Accept-Encoding\r\netag: \"6a0cc168-6ef0\"\r\nexpires: Thu, 20 May 2027 12:58:16 GMT\r\ncache-control: max-age=31536000, public, immutable\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28400,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 28400, version 1.0","md5":"284d2af3ed9db2bceefa23a14638db62","sha1":"a59aabd24d95f76b7e97143fa20c6a4c83a00c63","sha256":"0cbbe6286a00f356e98980783cc950a9b693751e04aedfb97d9526ff6dc2b316","sha512":"5381a032969cedc993f4d513a33e24f84cdbd245336902854e7c68440bd6c5d51d8de940656dba9396209dab9680276cffb948270c742c8768b0cfdf2eb6620f","ssdeep":"768:4lKwpkYgBu5H3M5tj/xk6fmzoybLiZDc8IHmSR78YpJgWcF:tEgw5HGtnf0oyb+Crl1pJkF","tlshash":"bbd2e173e2d2355bf3a8ecb902cf3e53ae8b256d82fcd5e5046a085a754970133147d1","first_seen":"2025-09-13T13:12:37.463474Z","last_seen":"2026-05-20T15:11:47.459659Z","times_seen":748,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":55,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-20","alert":"Phishing Block","trigger":"prime-memebrship.su","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.cdnfonts.com/css/helvetica-neue-55","fqdn":"fonts.cdnfonts.com","domain":"cdnfonts.com","tld":"com"},"ip":{"addr":"104.21.72.124","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://prime-memebrship.su/","date":"2026-05-20T12:58:13.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnfonts.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 03 May 2026 13:10:42 GMT","end":"Sat, 01 Aug 2026 14:08:22 GMT"},"fingerprint":{"sha1":"EF:14:45:48:B1:9A:C9:A7:28:6B:C0:1D:0E:B0:E6:38:74:C4:7E:91","sha256":"01:F2:AE:FC:05:A5:B3:D3:60:65:B9:ED:2B:F8:58:97:9E:78:7E:12:13:FD:FD:28:67:E7:56:8A:AC:9D:07:A1"}}},"request":{"raw":"GET /css/helvetica-neue-55 HTTP/1.1\r\nHost: fonts.cdnfonts.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 20 May 2026 12:58:13 GMT\r\ncontent-type: text/css;charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncontent-encoding: br\r\nage: 4752310\r\nlast-modified: Thu, 26 Mar 2026 12:53:02 GMT\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NR9BEL04%2BOGnrAZ3Skq16yaAPjYespp2Miq3rF1RBhclT4OoAqEPre6TWDuPfT0tXmosAWnR58S5QeD2n2q3%2BdD7PgVua8UsJfATDxNoyWRgNJqz9%2BVQn9Vxcl2qa%2BsY6OOqs80%3D\"}]}\r\ncf-ray: 9feb82f7b9e676ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11347,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"6c80265e10d70c8dd202cbdfe2960a07","sha1":"f6a17108e533c7c0aab6df332f4b98e6a563b211","sha256":"8acbd1ee1f7793a48b476ec03d1073be5ef7defffd60d28d1bce52127d88183d","sha512":"a7a4c4ec8fe31541a6d39dfce4acd386d4a0243150c06ddf08b5eeabae40a67a6cdd34d85230c8aa2f06af42bc015424cf790c4755ddeb48b3b28312c6bd4947","ssdeep":"192:mDfgBD7UD7zD7gVaDjD2DS9DdD+DeDdDwDvDxDZDTDQHD7cDrDIDiDODeDx:mDfgBD7UD7zD7jDjD2DSDdD+DeDdDwDb","tlshash":"70322465249ba704a1331c8a3b9bb9d84e0b149b205acd293bfdbf099ff78751240f5c","first_seen":"2024-12-11T11:18:20.740527Z","last_seen":"2026-05-20T12:58:40.525998Z","times_seen":137,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":9,"dns":1,"connect":1,"send":0,"wait":10,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Google+Sans:ital,opsz,wght@0,17..18,400..700;1,17..18,400..700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://prime-memebrship.su/","date":"2026-05-20T12:58:13.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"25:C3:78:A0:E1:97:BA:8A:CE:43:FA:9C:BF:89:EF:DD:A3:CD:9C:40","sha256":"C1:18:7F:C1:92:8E:D0:83:CA:E8:62:DB:BE:FE:89:B2:84:13:70:FA:0E:40:65:D2:B6:8C:09:37:73:46:4D:4B"}}},"request":{"raw":"GET /css2?family=Google+Sans:ital,opsz,wght@0,17..18,400..700;1,17..18,400..700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 20 May 2026 12:58:13 GMT\r\ndate: Wed, 20 May 2026 12:58:13 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21329,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"f1522abfb2f0a52d3866bc11cc6e54fc","sha1":"15db7eed71085429578bf753908e054c16256db4","sha256":"ac0877eb80841eecb48e95b9c57ebd8c8ee05096e2e8daa0b65ed69a2a62d9c2","sha512":"476d1c9c7aa754c2b6823ee58f97af6059c778039e7897173892e98cadf97e54a58909558a58616094212ae75a6c2748a46aaa0a8d787d513e8bed643f2a2637","ssdeep":"384:jK84YnoBGpfd9c4xpxCW5VMtqYDuw4Ah0Oc3rqYIL:zbAc3vU","tlshash":"20a2e0814007a015ae57bcc737ce7d25ae0d12787500d5b9abfe4ac9dc86ca583b4fae","first_seen":"2025-12-31T20:43:14.648276Z","last_seen":"2026-05-20T12:58:40.527793Z","times_seen":265,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":73,"dns":1,"connect":7,"send":0,"wait":21,"receive":0,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"prime-memebrship.su/","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-20T12:58:12.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prime-memebrship.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 May 2026 16:02:53 GMT","end":"Thu, 30 Jul 2026 16:02:52 GMT"},"fingerprint":{"sha1":"23:B6:F0:FF:43:C9:44:7D:D8:4B:C2:7A:54:4C:BD:2E:CC:45:97:31","sha256":"EB:45:58:09:E6:4D:3D:38:79:99:4D:AB:0F:BD:EA:61:35:9A:11:5D:14:5D:4D:FC:CA:A6:91:F3:5C:EA:4B:FB"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: prime-memebrship.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 20 May 2026 12:58:12 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-powered-by: Express\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-credentials: true\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 19 May 2026 20:00:40 GMT\r\netag: W/\"389-19e41d37e40\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-permitted-cross-domain-policies: master-only\r\nreferrer-policy: same-origin\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":905,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"657c53eddcaa10ccbe7cb288dcb060b4","sha1":"020290b92f2f6714881acd97c2dcd000f1f5b022","sha256":"dcfdc01e9532b5626fe9a82a00a5e1e5989f929eda6335eafc1cc460daef9849","sha512":"db9fec6de3ed5f15f37b6d70bebccf1c8901b1e0306bd6874978fca2f09c2e0e93de2dbf1333c41bfc80575d87007e589174fe5a7a4136e7add2cc26886ef903","ssdeep":"","tlshash":"2011eb9749e4c81a030042a569c0b51acd47a28f4f48ea48b6bf50bd9f986c5cedbe9c","first_seen":"2026-05-20T12:58:40.529575Z","last_seen":"2026-05-20T12:58:40.529575Z","times_seen":1,"resource_available":true,"data":null}},"time_used":380,"timings":{"blocked":160,"dns":32,"connect":54,"send":0,"wait":60,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-20","alert":"Phishing Block","trigger":"prime-memebrship.su","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"prime-memebrship.su/assets/index-BGrKAQhJ.css","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://prime-memebrship.su/","date":"2026-05-20T12:58:13.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prime-memebrship.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 May 2026 16:02:53 GMT","end":"Thu, 30 Jul 2026 16:02:52 GMT"},"fingerprint":{"sha1":"23:B6:F0:FF:43:C9:44:7D:D8:4B:C2:7A:54:4C:BD:2E:CC:45:97:31","sha256":"EB:45:58:09:E6:4D:3D:38:79:99:4D:AB:0F:BD:EA:61:35:9A:11:5D:14:5D:4D:FC:CA:A6:91:F3:5C:EA:4B:FB"}}},"request":{"raw":"GET /assets/index-BGrKAQhJ.css HTTP/1.1\r\nHost: prime-memebrship.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://prime-memebrship.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 20 May 2026 12:58:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 19 May 2026 20:00:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a0cc168-34c01\"\r\nexpires: Thu, 20 May 2027 12:58:13 GMT\r\ncache-control: max-age=31536000, public, immutable\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":216065,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"b099cfd3732c6d9fa6f24c5c37cf554f","sha1":"d4a4d8d8e295458ca0f80c1d3e20bd50572a7bfd","sha256":"b3797cd1aa50d4963d591cc0dfbe9232942756b73a8006a953d20f5a41fb79ae","sha512":"ea671ab849bbcfdd559eea3a7a1b6b0c5da62485c2827d7affc3ba500eff163b26abc9d35cb1e16c242115322577900c03fc350925b36e6a5b365bc5bac65d75","ssdeep":"6144:5OgWHFZRaXaXIhjGD2Ys/xy5p5zAOB+FSMv30NDE6:m","tlshash":"f62483b0b069f53bbc13b1f9d3cca88ca909b0d5dd6947edf954521523e3bf2686a900","first_seen":"2026-05-20T12:58:40.533376Z","last_seen":"2026-05-20T12:58:40.533376Z","times_seen":1,"resource_available":false,"data":null}},"time_used":398,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":398,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-20","alert":"Phishing Block","trigger":"prime-memebrship.su","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"prime-memebrship.su/assets/index-DfqLmgj8.js","fqdn":"prime-memebrship.su","domain":"prime-memebrship.su","tld":"su"},"ip":{"addr":"213.218.160.22","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://prime-memebrship.su/","date":"2026-05-20T12:58:13.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prime-memebrship.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 May 2026 16:02:53 GMT","end":"Thu, 30 Jul 2026 16:02:52 GMT"},"fingerprint":{"sha1":"23:B6:F0:FF:43:C9:44:7D:D8:4B:C2:7A:54:4C:BD:2E:CC:45:97:31","sha256":"EB:45:58:09:E6:4D:3D:38:79:99:4D:AB:0F:BD:EA:61:35:9A:11:5D:14:5D:4D:FC:CA:A6:91:F3:5C:EA:4B:FB"}}},"request":{"raw":"GET /assets/index-DfqLmgj8.js HTTP/1.1\r\nHost: prime-memebrship.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://prime-memebrship.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 20 May 2026 12:58:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 19 May 2026 20:00:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a0cc168-128e7a\"\r\nexpires: Thu, 20 May 2027 12:58:13 GMT\r\ncache-control: max-age=31536000, public, immutable\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1216122,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (49133)","md5":"cff928e6981115892b8f18675ec6a010","sha1":"cb9866c70a5ad04e40446cd13d304024578b26ee","sha256":"de51f06165086a9b5e2a098b3d5a5b22cd1136da6725d2f8744cbb80b0bae053","sha512":"bd38b5509a346aeb8193b5aaea229726f2d86f4fbf4d88f4ecb3171699e828a5bd1d31dd8c931f6cb59f8d560d0191b51cba27e6c44ed3cf6c13c57fef27d0ce","ssdeep":"24576:ubp/LhtwLrXbX1AHxXu9nIBpoDsjHBoU3+knALD2ze8jSXkRbdeoQ2YACpBdefE1:uN/LhtwLrXbX1AHxXu9nIBpoDsjh33+h","tlshash":"80258cc8719575699be741e1507f0005b23a2a25b40d8454f17cecee3eb888ab27bfbd","first_seen":"2026-05-20T12:58:40.535453Z","last_seen":"2026-05-20T12:58:40.535453Z","times_seen":1,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-20","alert":"Phishing Block","trigger":"prime-memebrship.su","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-20","alert":"Sinkholed","trigger":"prime-memebrship.su","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}}]}