{"report_id":"2216cbc6-e6af-4935-8a5b-1ed27c5e93c6","version":6,"status":"done","tags":[],"date":"2025-09-30T04:50:50Z","url":{"schema":"http","addr":"xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","fqdn":"xn----8sbwjheht4l.xn--p1ai","domain":"xn----8sbwjheht4l.xn--p1ai","tld":""},"ip":{"addr":"188.225.23.146","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","fqdn":"xn----8sbwjheht4l.xn--p1ai","domain":"xn----8sbwjheht4l.xn--p1ai","tld":""},"title":"PDf Document*"},"submit":{"url":{"schema":"http","addr":"xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","fqdn":"xn----8sbwjheht4l.xn--p1ai","domain":"xn----8sbwjheht4l.xn--p1ai","tld":""},"ip":{"addr":"188.225.23.146","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-04T04:50:50Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-30","alert":"Sinkholed","trigger":"c8f1ca22.pdfinvoice.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"geolocation-db.com","ip":{"addr":"159.89.102.253","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"domain_registered":"2019-10-23","domain_rank":55872,"first_seen":"2019-10-31T01:19:14Z","last_seen":"2025-09-29T15:44:37.365312Z","alert_count":0,"request_count":1,"received_data":360,"sent_data":493,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.14.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"c8f1ca22.pdfinvoice.pages.dev","ip":{"addr":"172.66.47.19","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-09-02","domain_rank":0,"first_seen":"2024-12-04T18:19:56.174371Z","last_seen":"2025-09-13T20:18:37.599616Z","alert_count":1,"request_count":1,"received_data":1025,"sent_data":473,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"xn----8sbwjheht4l.xn--p1ai","ip":{"addr":"188.225.23.146","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-09-30T04:50:50.465994Z","last_seen":"2025-09-30T04:50:50.465994Z","alert_count":0,"request_count":2,"received_data":686519,"sent_data":1018,"comment":"","tags":null,"fingerprints":[{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"1C-Bitrix","description":"1C-Bitrix is a system of web project management, universal software for the creation, support and successful development of corporate websites and online stores.","website":"https://www.1c-bitrix.ru","common_platform_enumeration":"","icon":"1C-Bitrix.svg","categories":["CMS","Ecommerce"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"mrmaytinh.github.io","ip":{"addr":"185.199.110.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2013-03-08","domain_rank":0,"first_seen":"2025-08-18T01:58:21.178194Z","last_seen":"2025-09-22T16:21:52.609239Z","alert_count":0,"request_count":1,"received_data":3687,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]}]},{"fqdn":"marvel-b1-cdn.bc0a.com","ip":{"addr":"108.157.214.90","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2018-05-01","domain_rank":168842,"first_seen":"2020-04-05T12:20:03Z","last_seen":"2025-09-29T23:25:54.387191Z","alert_count":0,"request_count":1,"received_data":114952,"sent_data":526,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","fqdn":"xn----8sbwjheht4l.xn--p1ai","domain":"xn----8sbwjheht4l.xn--p1ai","tld":""},"ip":{"addr":"188.225.23.146","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"bced24757473587b1ae3ecee9da94247","sha1":"bbbc031d8a7c70e0207891d78063ef5d692aedc5","sha256":"25646979b8c787cd9632fd29426cd015902c89803206c94396f68728f7d19bb2","sha512":"5f2842510b257836497d8b71fff61323a19b1526c593a29a3044c8622186ba04dd61f0fbae3d5c97a9149e72f37c5d20d92d5a7d7dde57999ea27355a0e0cbc6","ssdeep":"6144:QXQxR9vw5jOes4t/jz2S9vjhXngeEsmqG:wYUjHN9vjhXgelDG","tlshash":"dfb494a9aae225709203f03a4eafd8447639a80b174ced513e0cd5615f5853c97fafec","size":505309,"data":"","first_seen":"2025-09-30T04:50:57.07846Z","last_seen":"2025-09-30T04:50:57.07846Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","fqdn":"xn----8sbwjheht4l.xn--p1ai","domain":"xn----8sbwjheht4l.xn--p1ai","tld":""},"ip":{"addr":"188.225.23.146","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-30T04:50:22.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn----8sbwjheht4l.xn--p1ai","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Sep 2025 08:14:32 GMT","end":"Sun, 07 Dec 2025 08:14:31 GMT"},"fingerprint":{"sha1":"48:C5:7E:2F:41:20:F4:C0:0E:89:5C:60:51:94:16:6A:03:22:A3:B3","sha256":"84:63:48:19:D1:1C:21:15:16:ED:DE:EF:F1:32:9C:A6:B4:66:CE:DA:D2:CC:6C:3C:AF:8B:02:70:E9:E7:E8:F2"}}},"request":{"raw":"GET /adobe/indeaxpdfadobefile.html HTTP/1.1\r\nHost: xn----8sbwjheht4l.xn--p1ai\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 30 Sep 2025 04:50:23 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Mon, 29 Sep 2025 21:49:26 GMT\r\netag: W/\"8825a-63ff79bfb267d\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":557658,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (41676), with CRLF line terminators","md5":"5b60403dae9b0905c78408df714d3d4d","sha1":"a106115a8b88bf19001c3b75315e634e61dd96e9","sha256":"545014967c376942695d65b67943d8f6b06a77bc0d431330a2caa6de7fb238ef","sha512":"a4d2c926609c2edf858c39cb671a6ec0a6eed6ac399a4956853347defc26fcc0b48dae38e2b140c00f24f9c4056f8123936ea3e2519f55d59f49f43df4a97bb4","ssdeep":"12288:QlD/0KSQqTuQYus73xDka9u5zJaN3Soaw1qDgRsbyAgkjAJqzPIdG5gXac6Ooni6:IDABdFKtE+07dDf","tlshash":"0cc4a5a9ae9165719533f33e8eabc848fe36162b038c80433a6cd4655f7151493b6fec","first_seen":"2025-09-30T04:50:57.06164Z","last_seen":"2025-09-30T04:50:57.06164Z","times_seen":1,"resource_available":false,"data":null}},"time_used":348,"timings":{"blocked":119,"dns":0,"connect":55,"send":0,"wait":110,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrmaytinh.github.io/myowl/dd795d25.css","fqdn":"mrmaytinh.github.io","domain":"mrmaytinh.github.io","tld":"github.io"},"ip":{"addr":"185.199.110.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","date":"2025-09-30T04:50:23.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91","sha256":"7D:11:22:EA:96:98:52:34:1E:8D:D9:2B:CC:0C:7E:CC:00:96:30:D1:4D:A7:34:D7:CA:42:D5:B5:4A:2B:20:97"}}},"request":{"raw":"GET /myowl/dd795d25.css HTTP/1.1\r\nHost: mrmaytinh.github.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn----8sbwjheht4l.xn--p1ai/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: GitHub.com\r\ncontent-type: text/css; charset=utf-8\r\nlast-modified: Thu, 30 Jan 2025 00:10:44 GMT\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31556952\r\netag: W/\"679ac384-ba4\"\r\nexpires: Tue, 30 Sep 2025 04:59:50 GMT\r\ncache-control: max-age=600\r\ncontent-encoding: gzip\r\nx-proxy-cache: MISS\r\nx-github-request-id: 5E13:7E560:599919:5A6A53:68DB616B\r\naccept-ranges: bytes\r\ndate: Tue, 30 Sep 2025 04:50:23 GMT\r\nvia: 1.1 varnish\r\nage: 0\r\nx-served-by: cache-osl6544-OSL\r\nx-cache: HIT\r\nx-cache-hits: 1\r\nx-timer: S1759207823.278399,VS0,VE122\r\nvary: Accept-Encoding\r\nx-fastly-request-id: b985d953bf0df720d2d35bda58cba77aee958fd7\r\ncontent-length: 1183\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]}],"data":{"size":2980,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (2934), with CRLF line terminators","md5":"d0b089e42b0f6ed2f97edf52d967758a","sha1":"a446b061c66b9f89d46d9f6bbed0ec06a5faac5a","sha256":"4c0dbb9046b895c6fc2bea6d241d1b306cfeee90b5a93f5e9819a046c464dd01","sha512":"a751a0e53b6169629d05454adf07e9681580ab0e988f3eb4d1e8f51d7e002b43fbf925c8bf9c63915610f792fe654f4fbc2144aa38dc43b114cc45cfae7f85ab","ssdeep":"","tlshash":"cb513e212992352cf1379961f0f27688f32d9412fa0b4baaea3d6572c5cf08a552330d","first_seen":"2025-08-18T01:58:25.741897Z","last_seen":"2026-03-21T13:09:49.041866Z","times_seen":15,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":8,"dns":2,"connect":2,"send":0,"wait":124,"receive":0,"ssl":5},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"marvel-b1-cdn.bc0a.com/f00000000215549/www.fhsu.edu/nursing/BSN-DNP-Info/bsn-to-dnp-summer-2020-and-after-pos.jpg","fqdn":"marvel-b1-cdn.bc0a.com","domain":"bc0a.com","tld":"com"},"ip":{"addr":"108.157.214.90","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","date":"2025-09-30T04:50:23.420Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"marvel-cdn.bc0a.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Tue, 10 Dec 2024 00:00:00 GMT","end":"Wed, 07 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C0:6F:9D:0B:2C:40:B6:32:61:06:85:72:B9:C4:D7:A0:B2:45:2A:82","sha256":"FD:77:C2:14:42:5A:36:51:F4:B6:FD:50:61:44:B1:63:45:AA:DD:9E:47:87:72:FC:E5:8E:79:FC:C9:C5:44:A0"}}},"request":{"raw":"GET /f00000000215549/www.fhsu.edu/nursing/BSN-DNP-Info/bsn-to-dnp-summer-2020-and-after-pos.jpg HTTP/1.1\r\nHost: marvel-b1-cdn.bc0a.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrmaytinh.github.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\ncontent-length: 114245\r\ndate: Mon, 29 Sep 2025 05:08:33 GMT\r\nlast-modified: Mon, 15 Sep 2025 12:56:38 GMT\r\nx-amz-expiration: expiry-date=\"Wed, 10 Mar 2027 00:00:00 GMT\", rule-id=\"delete-old-images\"\r\netag: \"5d03ff80b7001bb2822a11e86bb5cbd9\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 5ieFpOdqbqQjtuMqgp.lswPQKjbuV8mh\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ncache-control: max-age=31536000\r\nvia: 1.1 30a448a0dbd4a52ea118d2e64f0535c8.cloudfront.net (CloudFront)\r\nage: 85310\r\naccess-control-allow-origin: *\r\nx-cache: Hit from cloudfront\r\nx-amz-cf-pop: ARN56-P1\r\nx-amz-cf-id: gmBlkjo9V7PK0VrfFw2rK8rWQqpKxOYMnkT43A_LnYZWF01OQNKEKA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":114245,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 660x797, components 3","md5":"5d03ff80b7001bb2822a11e86bb5cbd9","sha1":"2dd100e72be49f1e4317ecd5e724b3de53c7e928","sha256":"4d4dbe4e2bd7a2ba5243827f34d3c0a0b60eefd3a0d16588a654b1ceadde8a63","sha512":"c1ddf130e2caf0c027b0c1ef3b6c38efdca870da705e41c17eab5ffdc9eb8fc4e6228a479ae9e9c43b5489d49111c4223ccc621f4a5009d061b74a831511065a","ssdeep":"3072:3deSVX444SicHMMMqdoL0DMeHM+oLjYzI:hCbRLj+I","tlshash":"ecb3d064b118e572e10f66fd81ba37f89750cc03a847cb9af09fc8679b58f079e42916","first_seen":"2024-06-12T12:11:40Z","last_seen":"2026-03-21T13:09:49.043109Z","times_seen":450,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":21,"dns":0,"connect":8,"send":0,"wait":146,"receive":12,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"geolocation-db.com/json/","fqdn":"geolocation-db.com","domain":"geolocation-db.com","tld":"com"},"ip":{"addr":"159.89.102.253","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","date":"2025-09-30T04:50:23.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"geolocation-db.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Sep 2025 10:37:35 GMT","end":"Tue, 02 Dec 2025 10:37:34 GMT"},"fingerprint":{"sha1":"3C:E7:89:66:DA:14:4C:B8:29:FB:4C:42:AD:94:A5:2D:85:85:88:26","sha256":"0F:64:B9:6E:7A:48:B5:83:90:8C:21:EF:22:32:B9:DF:5B:DD:0C:D3:8F:9E:41:28:D2:C2:39:5C:4F:6E:51:2E"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: geolocation-db.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn----8sbwjheht4l.xn--p1ai\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn----8sbwjheht4l.xn--p1ai/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.0 (Ubuntu)\r\ndate: Tue, 30 Sep 2025 04:50:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.14.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"4d98ea9f1e77bd5d980d67a948525f9c","sha1":"a09f5a5441438a75bcdfd79a292813f3e1e2bdc0","sha256":"5ec87970cfee03fa942569df2474bed175fa9c5f91ad112b87f3b4c6c0c17b15","sha512":"a07d2ff36743fe580bc79080c772bf051306597f4346cd2f8a0bf1afe847cc05b0e0d81c47a965e95fe49cefe20a4967301aeb5726cd055f5c10b05336595b1b","ssdeep":"","tlshash":"10c08c0e106e8a3fed39d1a0003ea10b08378100a3ea994b26d497b0c18ac8c1089444","first_seen":"2025-09-29T15:10:22.352761Z","last_seen":"2025-10-07T05:59:16.588641Z","times_seen":25,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":104,"dns":3,"connect":33,"send":0,"wait":39,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c8f1ca22.pdfinvoice.pages.dev/Adobe/build/favicon.ico","fqdn":"c8f1ca22.pdfinvoice.pages.dev","domain":"pdfinvoice.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.47.19","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","date":"2025-09-30T04:50:23.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pdfinvoice.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 04:48:03 GMT","end":"Thu, 27 Nov 2025 05:45:21 GMT"},"fingerprint":{"sha1":"10:7F:69:2B:EE:34:17:82:38:D9:9F:BD:6A:2A:F6:31:44:66:45:C1","sha256":"46:41:89:A5:63:A1:D5:37:DA:2E:D0:A3:85:8D:53:1B:0A:DE:A3:F6:3C:B9:0B:0B:28:B5:4E:83:CF:A6:74:9D"}}},"request":{"raw":"GET /Adobe/build/favicon.ico HTTP/1.1\r\nHost: c8f1ca22.pdfinvoice.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn----8sbwjheht4l.xn--p1ai/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ndate: Tue, 30 Sep 2025 04:50:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 4356\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Elj3vDniJjU2K%2BGqk0Fy0frEIAe2AqjK1MxWwh9Z2IyJ%2FilBd778mXR9pwNkU2%2FIHZ%2BRJvAGrYV1CqRsxwGO%2Ba2sFsTqmBNwCIpX2XU%2BiS1GnYmUO8NPclyz3NXCn9%2FFK33ei0Cn7nvEeLV8m0tXmQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: same-origin\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nserver: cloudflare\r\ncf-ray: 987119631c2856a2-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1393\u0026min_rtt=639\u0026rtt_var=572\u0026sent=5\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=2916\u0026recv_bytes=1109\u0026delivery_rate=2266040\u0026cwnd=252\u0026unsent_bytes=0\u0026cid=9ab1364db94351e3\u0026ts=270\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":2,"send":0,"wait":20,"receive":0,"ssl":253},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-30","alert":"Sinkholed","trigger":"c8f1ca22.pdfinvoice.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn----8sbwjheht4l.xn--p1ai/adobe/logo192.png","fqdn":"xn----8sbwjheht4l.xn--p1ai","domain":"xn----8sbwjheht4l.xn--p1ai","tld":""},"ip":{"addr":"188.225.23.146","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html","date":"2025-09-30T04:50:23.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn----8sbwjheht4l.xn--p1ai","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Sep 2025 08:14:32 GMT","end":"Sun, 07 Dec 2025 08:14:31 GMT"},"fingerprint":{"sha1":"48:C5:7E:2F:41:20:F4:C0:0E:89:5C:60:51:94:16:6A:03:22:A3:B3","sha256":"84:63:48:19:D1:1C:21:15:16:ED:DE:EF:F1:32:9C:A6:B4:66:CE:DA:D2:CC:6C:3C:AF:8B:02:70:E9:E7:E8:F2"}}},"request":{"raw":"GET /adobe/logo192.png HTTP/1.1\r\nHost: xn----8sbwjheht4l.xn--p1ai\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn----8sbwjheht4l.xn--p1ai/adobe/indeaxpdfadobefile.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 30 Sep 2025 04:50:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\np3p: policyref=\"/bitrix/p3p.xml\", CP=\"NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA\"\r\nx-powered-cms: Bitrix Site Manager (234f9ce7b7c2a275ad693932aade5aab)\r\nx-devsrv-cms: Bitrix\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=K596YWCvIc1pl1P0tyVI16KX3A064eER; path=/; domain=xn----8sbwjheht4l.xn--p1ai; HttpOnly\nBITRIX_SM_SALE_UID=92aeb7ca0153a79fd72b0e84b47d98c1; expires=Fri, 25-Sep-2026 04:50:24 GMT; Max-Age=31104000; path=/; domain=xn----8sbwjheht4l.xn--p1ai\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"1C-Bitrix","description":"1C-Bitrix is a system of web project management, universal software for the creation, support and successful development of corporate websites and online stores.","website":"https://www.1c-bitrix.ru","common_platform_enumeration":"","icon":"1C-Bitrix.svg","categories":["CMS","Ecommerce"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":127846,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1901), with CRLF, LF line terminators","md5":"b04c2dbfcb2ed21d328854ae92c7b71f","sha1":"2a3b4a310490cccadc5e857caae34001abf24657","sha256":"99b2a1b21cbd57b880c47265020ef6b903effc56b4ecd26e57330625c54e55cf","sha512":"f107111eb7a12a1e5843d43d624049f652d8a849d9236f713e084405795acc19c81b010ee3a7189cae0dc44ebecb73efa95bb971cdf7029a879ae78d24355f4e","ssdeep":"3072:7ob9f/Z70IHj+7gec3NLIF//i7jLhdE4ggpsZXC0UzLejsKjv:kf/Zpj+7gec3NLIF/Eh5C","tlshash":"ecc3825042dd6caf023251d3e020bb6868ef9d79f62755e1b2ff4a3a7bc5c00761b4a6","first_seen":"2025-09-30T04:50:57.07494Z","last_seen":"2025-09-30T04:50:57.07494Z","times_seen":1,"resource_available":false,"data":null}},"time_used":750,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":750,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}