{"report_id":"0ff5e3c1-c33a-40a0-8df2-0d37b781355d","version":6,"status":"done","tags":[],"date":"2025-07-12T18:26:57Z","url":{"schema":"http","addr":"e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc","fqdn":"e90k.didi51-f1475.cc","domain":"didi51-f1475.cc","tld":"cc"},"ip":{"addr":"23.145.232.237","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc","fqdn":"e90k.didi51-f1475.cc","domain":"didi51-f1475.cc","tld":"cc"},"title":"e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-09-20T18:26:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"e90k.didi51-f1475.cc","ip":{"addr":"23.145.232.237","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2025-06-29","domain_rank":0,"first_seen":"2025-07-12T18:26:57.305791Z","last_seen":"2025-07-12T18:26:57.305791Z","alert_count":2,"request_count":2,"received_data":20157,"sent_data":1024,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-12","alert":"Sinkholed","trigger":"didi51-f1475.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc","fqdn":"e90k.didi51-f1475.cc","domain":"didi51-f1475.cc","tld":"cc"},"ip":{"addr":"23.145.232.237","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d8ffbcd3ac36f5053066a04e662bba7c","sha1":"4fe33a2afa3fe3526e7c3bb0864d12da048fbc24","sha256":"5eb4a0da742000f0d08a68869b20b67ad41b8f44aa9e48dd402396f6df44cdb6","sha512":"71968a568b8f40345bc45121933f5dcf48c6acc5132d16713ecd24ee6403549e91dfffa2d13bca097a30b94740259d54a7979a819fcdc36b545df6b9072bd911","ssdeep":"96:vSI8BIi1GfRjTtuVBP3DNNvaI1sI5j7hNui:vGIiUfdtun37aI1x5pNui","tlshash":"fb12a9dd37325c9eeca2663ff45a7328e1904d13f95da0ac2e6a04006fc195ae1d939f","size":9384,"data":"","first_seen":"2025-07-12T18:26:58.203324Z","last_seen":"2025-07-12T18:26:58.203324Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc","fqdn":"e90k.didi51-f1475.cc","domain":"didi51-f1475.cc","tld":"cc"},"ip":{"addr":"23.145.232.237","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7033cfe3e568d8b9e7b07f9228ac37f","sha1":"b1fe53b903b4d9fcd7ea299295ad6fd135481c42","sha256":"85efbeb57b0891b0bedf7cbddc0a4d836f190476e941b851ccef1c842acf16d0","sha512":"98503fd19ffcc189945b65267f040178c3aae425c49058095fd13eed0d96a0372cb6bcd50feb5c459c16bd9e446954410bdec3d0a951c533241e2a75e3f56dc8","ssdeep":"","tlshash":"8141219deda51102d55755fca84f00187532f21bf8d4874bb8998a843fa9e3940ffaec","size":1963,"data":"","first_seen":"2025-07-12T18:26:58.204271Z","last_seen":"2025-07-12T18:26:58.204271Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc","fqdn":"e90k.didi51-f1475.cc","domain":"didi51-f1475.cc","tld":"cc"},"ip":{"addr":"23.145.232.237","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5a61516b7f8ab750fee5d89ae4e047b9","sha1":"7f894de28cb8e6e66ad069a00486a71c959a0d80","sha256":"0c7353172c61262312cbee9ecd0dc26fe49cf7bc0cb3db9bcb4953962cb1ed6e","sha512":"657179ae8ac058fd099ad4df81c8b4c11b4757134d9cfbfb33ce2d0fbf1d0434d8ad4e19d4aadf0d939753421a16782cb7efe38c82322f32c6efc57ffecf6ef4","ssdeep":"","tlshash":"92a00415c14513107303003010d1c3dc3f744013fc4115153f5f05400f40515c014444","size":61,"data":"","first_seen":"2025-07-03T13:33:24.986865Z","last_seen":"2025-08-25T13:34:00.438842Z","times_seen":688,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc","fqdn":"e90k.didi51-f1475.cc","domain":"didi51-f1475.cc","tld":"cc"},"ip":{"addr":"23.145.232.237","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"29e68a814145b6f35fe856f0101ec595","sha1":"615ce9eec12b09cc1e86aeeb9c4f66509fc9a45b","sha256":"3d43e8432dbb56dbc2f7d9505a0b779963056869aba64c7ecaa75c06649e3f0c","sha512":"5fa95388a3ceb82b6859d062c9a8aec2883a4f8eec062f665ee2e5781780f5420392a77367b10a9ca97da9adb01cbd93c250b919ed0786ba7c5250384b6c3561","ssdeep":"","tlshash":"f4e0dfdbec9a16b18e8b76b658b9474870308017dcc8c6003c1e8a945f30cf2e09ebcc","size":397,"data":"","first_seen":"2025-07-03T13:33:24.984533Z","last_seen":"2025-08-25T13:34:00.440331Z","times_seen":688,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"50e131b26916abca739cd8004eacd54c","sha1":"05a74a9bd88ef99f09bbfbd617b8b82720a0d9a0","sha256":"7f76789c8b7019fa7cf4607a28153696d2c0e68d8e5173a43b88427a9f7edcea","sha512":"fd90cf5f32d2e111ff52b83a951bcdd9e6f357328f427db8e3e006c06b43480b0fe3954d525831af2e85b94d99e04e8101a4f5b89c0dc60d4f5580d1da7d48d3","ssdeep":"","tlshash":"f371a616e9f30002f16794af669a55152611f213284acf567b8c47a0efc9d69c8f77cc","size":3507,"data":"","first_seen":"2025-07-12T18:26:58.206181Z","last_seen":"2025-07-12T18:26:58.206181Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5161a2b49456c679bcfe3a032bafdcb1","sha1":"32a71ce9a05cc4613c6666d0ea8762e2ea6845ec","sha256":"6e8b1e9028f903aaaaee45107f5a32d28e632780d9112ab059ca5a06fa7bab2f","sha512":"bd4cd58aafda06ff08489f25398b75e8ce0b33449a9347e85ca0e225002c9ba425da9a2c29db7e3ba047e728fa61c72900a70fa87f1448d55133b1629a9dabb4","ssdeep":"","tlshash":"ca600000f0f000000f00000f0000000c330000c003c0000c00030f0f03c00000000000","size":12,"data":"","first_seen":"2025-07-12T01:37:37.2624Z","last_seen":"2025-07-12T19:56:51.302376Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc","fqdn":"e90k.didi51-f1475.cc","domain":"didi51-f1475.cc","tld":"cc"},"ip":{"addr":"23.145.232.237","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-12T18:26:35.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.didi51-f1475.cc","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Jun 2025 13:42:52 GMT","end":"Sat, 27 Sep 2025 13:42:51 GMT"},"fingerprint":{"sha1":"A2:D1:57:F5:79:EC:8B:AC:2F:F9:B9:1F:12:5C:B8:4C:B3:A2:B0:52","sha256":"B8:BA:5B:28:D9:FA:F8:C7:BE:FF:EC:C9:53:94:84:D8:3F:7D:F7:8E:62:5E:0D:6C:50:B0:0E:F8:90:5A:04:6F"}}},"request":{"raw":"GET /public/css/style.css?ref=e90k.didi51-f538.cc HTTP/1.1\r\nHost: e90k.didi51-f1475.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: \r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ncache-control: public, max-age=15552000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/html;charset=utf-8\r\ndate: Sat, 12 Jul 2025 18:26:16 GMT\r\netag: \"1752344776\"\r\nexpires: Thu, 08 Jan 2026 18:26:16 GMT\r\nlast-modified: Sat, 12 Jul 2025 18:26:16 GMT\r\nserver: openresty\r\nvary: Origin, Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-ua-compatible: IE=edge\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 2175\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9416,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (9416), with no line terminators","md5":"daad1be7fb03e7b7085d805d5d2f0427","sha1":"6225f54fe9cac1bfcdc6a8e45f4104cf9e35de0f","sha256":"10cb2e803b842e9d23fc5fcf3a22d4ddb4a2f2a0595d0ffdf78ec5f20de79bac","sha512":"9444c809233b4b39aaf27b10cde7a8564035c0e2a1c02e518fe5499ec909bb56e5384981da07df5716484cf8315a74f66dbc62bffd7c79ac289449d594c65a29","ssdeep":"96:MSI8BIi1GfRjTtuVBP3DNNvaI1sI5j7hNuq:MGIiUfdtun37aI1x5pNuq","tlshash":"ae12b9dd37325c9eeca2663ff41a7328e1944d13f95da0a82e6904006fc195ae1d939f","first_seen":"2025-07-12T18:26:58.201413Z","last_seen":"2025-07-12T18:26:58.201413Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1408,"timings":{"blocked":574,"dns":31,"connect":261,"send":0,"wait":261,"receive":0,"ssl":278},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-12","alert":"Sinkholed","trigger":"didi51-f1475.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"e90k.didi51-f1475.cc/favicon.ico","fqdn":"e90k.didi51-f1475.cc","domain":"didi51-f1475.cc","tld":"cc"},"ip":{"addr":"23.145.232.237","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc","date":"2025-07-12T18:26:36.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.didi51-f1475.cc","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Jun 2025 13:42:52 GMT","end":"Sat, 27 Sep 2025 13:42:51 GMT"},"fingerprint":{"sha1":"A2:D1:57:F5:79:EC:8B:AC:2F:F9:B9:1F:12:5C:B8:4C:B3:A2:B0:52","sha256":"B8:BA:5B:28:D9:FA:F8:C7:BE:FF:EC:C9:53:94:84:D8:3F:7D:F7:8E:62:5E:0D:6C:50:B0:0E:F8:90:5A:04:6F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: e90k.didi51-f1475.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e90k.didi51-f1475.cc/public/css/style.css?ref=e90k.didi51-f538.cc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-content-type-options: nosniff\r\ncontent-length: 9662\r\ncontent-type: image/vnd.microsoft.icon\r\nx-ua-compatible: IE=edge\r\nx-cache: HIT, policy, disk\r\naccess-control-allow-origin: \r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=15552000, immutable\r\nexpires: Thu, 08 Jan 2026 16:39:42 GMT\r\ndate: Sat, 12 Jul 2025 16:39:42 GMT\r\nserver: openresty\r\netag: \"1752338381\"\r\nvary: Origin, Accept-Encoding\r\nlast-modified: Sat, 12 Jul 2025 16:39:41 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9662,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"3331070cee004f8847884177ab747e20","sha1":"41f1edcbb7ee7fc352acd7890b755c1a36b05daa","sha256":"0b0bc70778f9a4f293440285444a35c6b02fe48ac0cd2b426227e490dae0492f","sha512":"0c77dc02aee7cfafb7f8184edb6a53122f6d694edacdc6a310028566f809cf9c3144eb507bb795f35bec8dcf20066a4fbb9412e0955775a60141b2057bf2e188","ssdeep":"96:9iALlQl0bl0Ml6tNUsl0mHxk0JjUwuRzVB65DyrMilbHArgB3zZ+e0eDAhFUhAzH:N+4UhkDM+Ftz94vzICC3UuZa","tlshash":"d2126046f2ce9401f85b59317604c3ffe42698c8daae884b3988defb5dad3578432647","first_seen":"2025-01-24T03:58:48.563186Z","last_seen":"2026-04-02T12:39:39.738655Z","times_seen":3649,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":266,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-12","alert":"Sinkholed","trigger":"didi51-f1475.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}