{"report_id":"fe9c38b5-c569-4fde-8038-eadeae64ad0d","version":6,"status":"done","tags":[],"date":"2025-09-27T20:43:20Z","url":{"schema":"http","addr":"sexlist.tv/rek2/newban/ex1.php","fqdn":"sexlist.tv","domain":"sexlist.tv","tld":"tv"},"ip":{"addr":"185.73.221.54","port":0,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"www.sexlist.tv/rek2/newban/ex1.php","fqdn":"www.sexlist.tv","domain":"sexlist.tv","tld":"tv"},"title":"Clickadu Banner 3"},"submit":{"url":{"schema":"http","addr":"sexlist.tv/rek2/newban/ex1.php","fqdn":"sexlist.tv","domain":"sexlist.tv","tld":"tv"},"ip":{"addr":"185.73.221.54","port":0,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-01T20:43:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"s.magsrv.com","ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-08-01","domain_rank":47665,"first_seen":"2023-08-04T12:48:00Z","last_seen":"2025-09-22T00:21:15.320109Z","alert_count":0,"request_count":2,"received_data":2835,"sent_data":1415,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"s3t3d2y9.afcdn.net","ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2022-06-27","domain_rank":36521,"first_seen":"2025-05-07T19:37:13.89914Z","last_seen":"2025-09-22T01:40:52.960372Z","alert_count":0,"request_count":1,"received_data":18538,"sent_data":548,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"sexlist.tv","ip":{"addr":"185.73.221.54","port":443,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":171722,"first_seen":"2025-09-27T20:43:20.570655Z","last_seen":"2025-09-27T20:43:20.570655Z","alert_count":0,"request_count":1,"received_data":828,"sent_data":498,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.sexlist.tv","ip":{"addr":"185.73.221.54","port":443,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":294841,"first_seen":"2025-05-11T23:42:18.591821Z","last_seen":"2025-09-02T20:28:55.685979Z","alert_count":0,"request_count":2,"received_data":1893,"sent_data":956,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a.magsrv.com","ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2023-08-01","domain_rank":51490,"first_seen":"2023-08-04T16:18:00Z","last_seen":"2025-09-22T01:40:52.8446Z","alert_count":1,"request_count":1,"received_data":185505,"sent_data":414,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.sexlist.tv/rek2/newban/ex1.php","fqdn":"www.sexlist.tv","domain":"sexlist.tv","tld":"tv"},"ip":{"addr":"185.73.221.54","port":443,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-06-08T03:48:03.100415Z","times_seen":13148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":184994,"data":"","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PUUoDQQy9ihfYIckkM0m/9Veh0gPMbkcRrIJbSoUc3uyKdRNIQngv74WAZAAbqN5h2THtRF0xmaSoaOyPT3tn9Llf39/mczpf3DBr9SIlk7mSkqFzNC7gAuq1FrWYkaBWNSnO4NnhLxNAFitewR8Oez8838dOhRydPANcSYK8CjuBc8xIClcE4uB3G1EIc9a4PZIK0NRbBpsQCzUJOGzt3lQ12ypxM+LDAs3ImZg9Anxdt/n7Y3LfAKWAGS7qcvtk4W4x/4n6K7h+GR2XUldCOEun9jp/XdL0eYrVciJhCVvIvBz1PvZjA7GXPoLpEVuXYq0SstpRpvIDv0t/FLIBAAA=\u0026cb=e2e_68d84c529f6ef4.02109001\u0026scr_info=YXN5bmN8fDM%3D","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.sexlist.tv/rek2/newban/ex1.php","date":"2025-09-27T20:42:58.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PUUoDQQy9ihfYIckkM0m/9Veh0gPMbkcRrIJbSoUc3uyKdRNIQngv74WAZAAbqN5h2THtRF0xmaSoaOyPT3tn9Llf39/mczpf3DBr9SIlk7mSkqFzNC7gAuq1FrWYkaBWNSnO4NnhLxNAFitewR8Oez8838dOhRydPANcSYK8CjuBc8xIClcE4uB3G1EIc9a4PZIK0NRbBpsQCzUJOGzt3lQ12ypxM+LDAs3ImZg9Anxdt/n7Y3LfAKWAGS7qcvtk4W4x/4n6K7h+GR2XUldCOEun9jp/XdL0eYrVciJhCVvIvBz1PvZjA7GXPoLpEVuXYq0SstpRpvIDv0t/FLIBAAA=\u0026cb=e2e_68d84c529f6ef4.02109001\u0026scr_info=YXN5bmN8fDM%3D HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.sexlist.tv\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.sexlist.tv/\r\nCookie: __uvt=s%3A32%3A%22a04808b9515ec65f58ce70311ddb99fb%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Sep 2025 20:42:58 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://www.sexlist.tv\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T05:34:20.987672Z","times_seen":16230898,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y9.afcdn.net/library/91387/25b011d68af269a0dbcfc5a7065f7cade8a5a49c.mp4","fqdn":"s3t3d2y9.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://www.sexlist.tv/rek2/newban/ex1.php","date":"2025-09-27T20:42:58.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Sep 2025 18:41:03 GMT","end":"Fri, 12 Dec 2025 18:41:02 GMT"},"fingerprint":{"sha1":"68:CA:E4:09:64:51:A6:A3:68:11:14:36:D0:A1:63:6E:AD:58:59:50","sha256":"CD:C8:8A:2C:B0:B6:21:9E:3A:54:19:23:96:3D:87:BC:F7:14:BC:D3:A0:FA:97:48:A5:00:85:A5:C9:08:9D:0A"}}},"request":{"raw":"GET /library/91387/25b011d68af269a0dbcfc5a7065f7cade8a5a49c.mp4 HTTP/1.1\r\nHost: s3t3d2y9.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.sexlist.tv/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Sat, 27 Sep 2025 20:42:58 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 17944\r\nlast-modified: Wed, 04 Sep 2024 10:30:19 GMT\r\netag: \"66d836bb-4618\"\r\nexpires: Sat, 20 Jun 2026 12:56:02 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec01-prg1-1\r\nx-77-nzt: EwwBX63NDQH3P/CCAAwBuUwKCQH3ogEAAAwBJRPCMQG3DwAAAA\r\nx-77-nzt-ray: 2a494a1500d9a99a774cd868fb232029\r\nx-77-cache: HIT\r\nx-77-age: 8581183\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\ncontent-range: bytes 0-17943/17944\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":17944,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"e546ed3d51096d679e80d381608fc074","sha1":"25b011d68af269a0dbcfc5a7065f7cade8a5a49c","sha256":"ee5e4be7e07cc10a342fd256cea36002a416bfb47fd78929b3183135166870e0","sha512":"946b1123b29a50d4b9d06f45e456c23a11c09948931fb32dc6d3b81c67f7f0ef073fab835d3a985a442b22d3ede737446646ca72d510a2aa72a3c1ea5bf93a61","ssdeep":"384:L7oiP1ypZZ1d4FWiEqolyscZjtXLJ3NTmsFVgXKEr3UUZl:/vYp0ZNWm1d3Vm8Vg6dkl","tlshash":"a682cfaf0f0dfc43d552653168ff139ba691510dc662220bb9bd30e99cfa62b5e69304","first_seen":"2025-06-26T16:34:48.108226Z","last_seen":"2025-10-01T12:29:04.928444Z","times_seen":18,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":10,"dns":4,"connect":1,"send":0,"wait":1,"receive":1,"ssl":4},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sexlist.tv/rek2/newban/ex1.php","fqdn":"sexlist.tv","domain":"sexlist.tv","tld":"tv"},"ip":{"addr":"185.73.221.54","port":443,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-27T20:42:58.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sexlist.tv","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 Aug 2025 08:36:40 GMT","end":"Wed, 05 Nov 2025 08:36:39 GMT"},"fingerprint":{"sha1":"18:2E:FB:10:12:EE:B9:C7:79:C2:BF:45:89:F8:D9:A1:63:B0:22:D0","sha256":"AB:F0:6E:66:20:A1:2F:84:45:0C:A5:FD:3C:D5:03:ED:89:B2:B9:01:76:1D:49:A9:A6:D2:82:1C:A3:45:2A:AE"}}},"request":{"raw":"GET /rek2/newban/ex1.php HTTP/1.1\r\nHost: sexlist.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: nginx\r\ndate: Sat, 27 Sep 2025 20:42:58 GMT\r\ncontent-type: text/html\r\ncontent-length: 178\r\nlocation: https://www.sexlist.tv/rek2/newban/ex1.php\r\nstrict-transport-security: max-age=63072000;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":578,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T05:34:20.987672Z","times_seen":16230898,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":88,"dns":0,"connect":28,"send":0,"wait":27,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.sexlist.tv/rek2/newban/ex1.php","fqdn":"www.sexlist.tv","domain":"sexlist.tv","tld":"tv"},"ip":{"addr":"185.73.221.54","port":443,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-27T20:42:58.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sexlist.tv","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 Aug 2025 08:36:40 GMT","end":"Wed, 05 Nov 2025 08:36:39 GMT"},"fingerprint":{"sha1":"18:2E:FB:10:12:EE:B9:C7:79:C2:BF:45:89:F8:D9:A1:63:B0:22:D0","sha256":"AB:F0:6E:66:20:A1:2F:84:45:0C:A5:FD:3C:D5:03:ED:89:B2:B9:01:76:1D:49:A9:A6:D2:82:1C:A3:45:2A:AE"}}},"request":{"raw":"GET /rek2/newban/ex1.php HTTP/1.1\r\nHost: www.sexlist.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 27 Sep 2025 20:42:58 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":578,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"c2f0aeaf41157f0352b9003125d640e3","sha1":"9eb1d62e49aaecd6b5ca8fe1a6b8af1865a26ddc","sha256":"11fedf9b0ca99bf428857b07c2e562411711c26ccd068320caafcc19df91fb98","sha512":"d4a31b3ea379bb48209d34bfab7ed3bb914f309983950f2c8ba4603cdd23fa234e2fe39090270f6365a34a4a428f054d9de5c28acc2c4ef8e2a51b033eb448c6","ssdeep":"","tlshash":"a9f04c93bc52841d912158955cd1f408a5cb757e9649c88135ca64769ed0fdaccd3684","first_seen":"2025-06-24T08:50:01.053622Z","last_seen":"2026-06-04T08:33:36.308294Z","times_seen":30,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":37,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.sexlist.tv/rek2/newban/ex1.php","date":"2025-09-27T20:42:58.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.sexlist.tv/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:42:58 GMT\r\ncontent-type: application/javascript\r\netag: W/\"9ba388b9873f71f944fea196bb1\"\r\nexpires: Tue, 23 Sep 2025 14:41:40 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3KwAAAAwBuUwKAQH3DgAAAAwBWd59LgG3sQAAAA\r\nx-77-nzt-ray: 2a494a15fbb74596774cd868193f1618\r\nx-77-cache: HIT\r\nx-77-age: 43\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":184994,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39230)","md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":14,"dns":0,"connect":5,"send":0,"wait":5,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.sexlist.tv/favicon.ico","fqdn":"www.sexlist.tv","domain":"sexlist.tv","tld":"tv"},"ip":{"addr":"185.73.221.54","port":443,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.sexlist.tv/rek2/newban/ex1.php","date":"2025-09-27T20:42:58.420Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sexlist.tv","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 Aug 2025 08:36:40 GMT","end":"Wed, 05 Nov 2025 08:36:39 GMT"},"fingerprint":{"sha1":"18:2E:FB:10:12:EE:B9:C7:79:C2:BF:45:89:F8:D9:A1:63:B0:22:D0","sha256":"AB:F0:6E:66:20:A1:2F:84:45:0C:A5:FD:3C:D5:03:ED:89:B2:B9:01:76:1D:49:A9:A6:D2:82:1C:A3:45:2A:AE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.sexlist.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.sexlist.tv/rek2/newban/ex1.php\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 27 Sep 2025 20:42:58 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 894\r\nlast-modified: Thu, 28 Dec 2017 07:28:45 GMT\r\netag: \"37e-56161775ada64\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":894,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel","md5":"bf95c875b26344dc8b73d4d5dd82e8a3","sha1":"7821eeac1fc72ee34ebd41692ff8d6d9aa464c27","sha256":"33e8cf2a02b5452818cf18d9a5ab18f7379dd3689e93cf4e52bce5ebe60de5ec","sha512":"f4268f3747f8ff403868464d03646d16c0857d09f36541a8d0f681365dc2b2fde02d3bfc4bb9d8d8192aa1201aa554c27dd3c749ed7264c4282b40ed4b7f5e85","ssdeep":"","tlshash":"91110266b3c33ee0d001433c48406121841f3c137db43a58585c3dda5d36197004be0f","first_seen":"2024-08-19T17:47:05.28823Z","last_seen":"2026-06-07T20:31:41.776387Z","times_seen":6,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.sexlist.tv/rek2/newban/ex1.php","date":"2025-09-27T20:42:58.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 421\r\nOrigin: https://www.sexlist.tv\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.sexlist.tv/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Sep 2025 20:42:58 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://www.sexlist.tv\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22a04808b9515ec65f58ce70311ddb99fb%22%3B; expires=Mon, 27 Sep 2027 20:42:58 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1948,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fce98f2ebc186689304dffb5b4d96707","sha1":"7ce22e30e8eb5220727489b5f2d9d671510b851c","sha256":"46041754868ad6f0cae1be323c53d982a946ecf0da2a43a8c652480767025541","sha512":"9c684f836f5bff02260114c8e5335a54f75c79c25fb2b7590ed9a83c86c95b708abba1b86fd7cfb0bdbd8ddcb019e75c9a2bb646a5b0265185999d9a1575e803","ssdeep":"","tlshash":"0541e8b1b7884079a6e5b2c628aa39282e23381b9b8a84c5010d3378d37871d170db34","first_seen":"2025-09-27T20:43:24.383732Z","last_seen":"2025-09-27T20:43:24.383732Z","times_seen":1,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":47,"dns":0,"connect":22,"send":0,"wait":188,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}