{"report_id":"0a88feec-4ad5-48aa-b28e-db32dd8cf89a","version":6,"status":"done","tags":[],"date":"2025-12-22T15:24:19Z","url":{"schema":"http","addr":"oedy9.com","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"38.225.209.250","port":0,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"title":"502 Bad Gateway","dom":{"size":428,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"95a59d497c643f9c876621498099516c","sha1":"e2214d0e83b57b2cfa3916b1d0a03b5219eafcd0","sha256":"792acc192ce47bb3da73ec2a0d943d00a54bd77cf045319af98b949a0de10dc3","sha512":"b9b04e3ef7c6ecd99bbdfbae6663337146fc4fd819a8f0587517c3773be1c98dcc330dadededb4c870ba7936332fa662a9a15b008a208e0b2a4a0f4754c7e18d","ssdeep":"","tlshash":"c7e023b661103094f2e3c23853423350472078c2d34d840005cae9bedeeab34dc8f2d1","dom_hash":"domhashdc803a8da2b8c3ed6ce0e138d5febc53","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"oedy9.com","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"38.225.209.250","port":0,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-26T15:24:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"oedy9.com","ip":{"addr":"45.147.200.225","port":443,"asn":51659,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"domain_registered":"2023-10-27","domain_rank":150266,"first_seen":"2023-10-27T10:41:23Z","last_seen":"2025-12-17T23:26:08.817115Z","alert_count":4,"request_count":4,"received_data":6150,"sent_data":1803,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"45.147.200.225","port":443,"asn":51659,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-22T15:23:58.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 502 Bad Gateway\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 446\r\ndate: Mon, 22 Dec 2025 15:23:59 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"502","status_text":"Bad Gateway","fingerprints":null,"data":{"size":446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"a393fec958a6216ba5366013969314fd","sha1":"17d4eed3806a30390ddcf747ce7dbd67a2459c1f","sha256":"5396854522c285156e5f244c9254f14840c37bfa0ec2d23acff065e8a5cfd7f8","sha512":"a45f6413d84d592eef304cbec07130dec5c5e64dd44b3a5dc8d845e5e59187f79c7a5a7974c6125cde062c4f6c501da6a5f621b3965b36a03758a16f744cb4da","ssdeep":"","tlshash":"a7f0dcaa31103090f2e282385786335057103ac2e24e444015cbedbfeee9b28ec8f3d2","first_seen":"2025-12-22T15:24:20.887973Z","last_seen":"2025-12-22T15:24:20.887973Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1655,"timings":{"blocked":592,"dns":439,"connect":44,"send":0,"wait":470,"receive":0,"ssl":107},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"45.147.200.225","port":80,"asn":51659,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-22T15:23:59.444Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nContent-Type: text/html; charset=utf-8\r\nLocation: https://oedy9.com/\r\nDate: Mon, 22 Dec 2025 15:23:59 GMT\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-21T15:33:44.540891Z","times_seen":14021215,"resource_available":true,"data":null}},"time_used":349,"timings":{"blocked":98,"dns":1,"connect":101,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"45.147.200.225","port":443,"asn":51659,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-22T15:23:59.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 502 Bad Gateway\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 446\r\ndate: Mon, 22 Dec 2025 15:24:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"502","status_text":"Bad Gateway","fingerprints":null,"data":{"size":446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"b83746d5a8dfbaf2d86ed4c3ce2eca2a","sha1":"b08cb5879c2729318e3de66290405731e904e65a","sha256":"39c27133ab0e47806a485ddb24b5f271c946670473a16bb2dfe5c51b853b6dc7","sha512":"74d64addd0cf2bf1c0277e49ca857089f57451105e559a3785b6e40252abac8cfd3b83e5561fdc32816a81b8370d1c1558fe9da79e494c1aee4958d9d892228b","ssdeep":"","tlshash":"e1f0d4a531103050b1d2c23857413350471035c1d24e444015c7ed7fdeda724dc8f2d1","first_seen":"2025-12-22T15:24:20.890904Z","last_seen":"2025-12-22T15:24:20.890904Z","times_seen":1,"resource_available":false,"data":null}},"time_used":392,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":392,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/favicon.ico","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"45.147.200.225","port":443,"asn":51659,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://oedy9.com/","date":"2025-12-22T15:24:00.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Mon, 22 Dec 2025 15:24:00 GMT\r\netag: \"6933481e-fc4\"\r\nlast-modified: Fri, 05 Dec 2025 21:01:18 GMT\r\nserver: nginx\r\nset-cookie: server_name_session=8e24b569a590272a9b4329bb58acd27e; Max-Age=86400; httponly; path=/\r\ncontent-length: 4036\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4036,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"8e59ad0a9aefea690d92ffc6266516c6","sha1":"f82e7a5e38ad362b54a94522fd99963bc1515d27","sha256":"fa3958fb852fab1c92b41cbb3a1ad0c4487ee1cd1ef4712e6817fab8b8fde0eb","sha512":"3b4c28339115ca408dd153651ca8a2447b50788ff8499e51986f4062a8124e3145ef0d0ee9dbc36515be338d7cd0a21e1d6eb9725e9905454911af9c6d8827e0","ssdeep":"","tlshash":"a8817e69280b2a67e7f9a51b07360117ddf1a0ad62d7a88dc909c037bdee2b73086414","first_seen":"2025-12-05T22:31:48.407286Z","last_seen":"2026-02-14T16:06:52.824936Z","times_seen":254,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}