{"report_id":"23e69a91-c7d2-49f5-8160-0f316fb0e4f7","version":6,"status":"done","tags":[],"date":"2026-05-04T19:13:27Z","url":{"schema":"http","addr":"s-slon6-cc.lol/","fqdn":"s-slon6-cc.lol","domain":"s-slon6-cc.lol","tld":"lol"},"ip":{"addr":"91.201.41.202","port":0,"asn":210079,"as":"EuroByte LLC","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"s-slon6-cc.lol/","fqdn":"s-slon6-cc.lol","domain":"s-slon6-cc.lol","tld":"lol"},"title":"Slon6.cc","dom":{"size":7390,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (865)","md5":"100c4d2adfacd05bef1ace2c14dd6a60","sha1":"556fe63808dee6d58721353a58cefd395b1a7f09","sha256":"18fde8d63291ca7fcb592e74b1dee6d6bea75df5d78b2ab6129a5be450d92663","sha512":"23440c81c634162ef2a7d18bfbe0d0b9bb97126c273f54179edb39273c061d90256fa4877ebb61349077ab2d2239e056d6c343c897d664e1510817794b5d97f7","ssdeep":"192:09YLX5TW7nHCGRwY9CJnR/W7ftP+6C0DfVjVn9Q2MAF:oKW7nHCGXcW7tG6B","tlshash":"c5e1453396e56c997190e047e4117e8d7ee640bf6bae0a91243d2c7ebfd21b4413638a","dom_hash":"domhashefc6abaed04f413df328e70ab7808b08","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"s-slon6-cc.lol/","fqdn":"s-slon6-cc.lol","domain":"s-slon6-cc.lol","tld":"lol"},"ip":{"addr":"91.201.41.202","port":0,"asn":210079,"as":"EuroByte LLC","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-08T19:13:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"s-slon6-cc.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"s-slon6-cc.lol","ip":{"addr":"91.201.41.202","port":443,"asn":210079,"as":"EuroByte LLC","country":"Russia","country_code":"RU"},"domain_registered":"2026-04-26","domain_rank":0,"first_seen":"2026-05-04T19:13:27.163725Z","last_seen":"2026-05-04T19:13:27.163725Z","alert_count":3,"request_count":3,"received_data":27364,"sent_data":1484,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"s-slon6-cc.lol/","fqdn":"s-slon6-cc.lol","domain":"s-slon6-cc.lol","tld":"lol"},"ip":{"addr":"91.201.41.202","port":443,"asn":210079,"as":"EuroByte LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3d689b75b0f246edee791e7415b08a7","sha1":"e2137eebdeef8ed339f5fe2d4a6dc86c182aa936","sha256":"0d62bba458cbf416f0202964d61761b1acc5da8248c80b95763331159b2c54c4","sha512":"774593c5be14449060360226b8b25aea3eeae536d351bab4bfcc83a107644eb8de7f05d89f6746fdcc8457b60b050cd58d0b61e00f522fc8b67ea3276bbfc8d7","ssdeep":"","tlshash":"83e07d7320f31a6038f3b2110087eb44692b109a78d5984266808c001f0d3c92525bc1","size":295,"data":"","first_seen":"2026-05-04T19:13:55.167251Z","last_seen":"2026-05-04T19:14:32.213676Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"s-slon6-cc.lol/","fqdn":"s-slon6-cc.lol","domain":"s-slon6-cc.lol","tld":"lol"},"ip":{"addr":"91.201.41.202","port":443,"asn":210079,"as":"EuroByte LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-04T19:13:05.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"s-slon6-cc.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:08:26 GMT","end":"Mon, 27 Jul 2026 08:08:25 GMT"},"fingerprint":{"sha1":"BF:96:0A:45:2C:C8:D1:7F:8D:AF:EB:E4:1E:35:AC:F7:DE:40:DF:CC","sha256":"78:E2:5D:16:22:3B:66:14:02:09:5A:51:CE:4F:5F:C6:CF:3F:F2:0E:19:F7:B1:76:72:5F:CA:53:FD:EF:E2:51"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: s-slon6-cc.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 04 May 2026 19:13:05 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: antibot=5add3f97-04e1-4bf0-b7bb-819eac216ccc; Path=/; HttpOnly; Secure; SameSite=Strict\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7508,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (865), with CRLF line terminators","md5":"401eddbbe0ac31994c1be892ef3268d8","sha1":"1b01e5ada3f3bf93c80aea76781f5a3e979343d0","sha256":"32e4e9f293b2e3af6fdeca2f3656d7cd8e83c82f230b21980217d361de38d7fe","sha512":"30c13d115a411cd69165128517df0876339604cdab78a979116842167d9062106f6d39513236d562cd18983158ea2efaba305ea5c42b2022411fa4f94b09f5d8","ssdeep":"192:a0YT7oQ8vZY7dy46/Q32MQ/uQwY9CJnR0W7utVd6C0y+Vj4n9dU2lro:/Y7oQ8Ydy46/Q3S/uExWqtD6p","tlshash":"7af1543316e66ca96154e04bd4117e8cbee740bf67ae0a9134293c6fbfe2170853734a","first_seen":"2026-05-04T19:13:55.161097Z","last_seen":"2026-05-04T19:13:55.161097Z","times_seen":1,"resource_available":true,"data":null}},"time_used":715,"timings":{"blocked":294,"dns":76,"connect":73,"send":0,"wait":126,"receive":0,"ssl":143},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"s-slon6-cc.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s-slon6-cc.lol/antibot_generatecaptcha?FZoLoo7a4D","fqdn":"s-slon6-cc.lol","domain":"s-slon6-cc.lol","tld":"lol"},"ip":{"addr":"91.201.41.202","port":443,"asn":210079,"as":"EuroByte LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://s-slon6-cc.lol/","date":"2026-05-04T19:13:06.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"s-slon6-cc.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:08:26 GMT","end":"Mon, 27 Jul 2026 08:08:25 GMT"},"fingerprint":{"sha1":"BF:96:0A:45:2C:C8:D1:7F:8D:AF:EB:E4:1E:35:AC:F7:DE:40:DF:CC","sha256":"78:E2:5D:16:22:3B:66:14:02:09:5A:51:CE:4F:5F:C6:CF:3F:F2:0E:19:F7:B1:76:72:5F:CA:53:FD:EF:E2:51"}}},"request":{"raw":"GET /antibot_generatecaptcha?FZoLoo7a4D HTTP/1.1\r\nHost: s-slon6-cc.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://s-slon6-cc.lol/\r\nCookie: antibot=5add3f97-04e1-4bf0-b7bb-819eac216ccc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 04 May 2026 19:13:06 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 11570\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nCache-Control: no-store, no-cache, must-revalidate, private\r\nExpires: 0\r\nLast-Modified: Wed, 14 Jan 2026 16:48:55 GMT\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11570,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"Blender:File:C:\\Projects\\captcha\\captcha-3.blend\", comment: \"Blender:Date:2023/02/14 23:51:48\", comment: \"Blender:Time:00:00:00:00\", comment: \"Blender:Frame:000\", comment: \"Blender:Camera:Camera\", comment: \"Blender:Scene:Scene\", comment: \"Blender:RenderTime:00:00.08\", baseline, precision 8, 380x120, components 3","md5":"f1fe04ee0448533ae5ecda93e76e99da","sha1":"3b07e9e8a6721ede5ba81d1435c208e91ac031f9","sha256":"2bf98580255fbc8c43aac4900afcd64861f9b3e6b69eeedd3f818c98186ff620","sha512":"5148509fb29cd910376ede68846a511765c088239d78ade7e64e7182887e46251d6155160088d25e6188e2bb92e44aebfdc505c3707ee5df60e754183ce56e8d","ssdeep":"192:RjyAEiyLxVQgQz3AWu2NV7GQUBZf5vlUf3xtNWa3Du9LOn9AsInafOhggz3cr:VyAEiyLxVg3AAj7mf5vk3zcPshcA","tlshash":"4132c010cb9090e05d6177ff9f445618d2895c47f0e97ec5e642fac7a04648e69e8f0d","first_seen":"2026-03-21T05:52:18.72259Z","last_seen":"2026-05-04T19:13:55.162646Z","times_seen":2,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"s-slon6-cc.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s-slon6-cc.lol/favicon.ico","fqdn":"s-slon6-cc.lol","domain":"s-slon6-cc.lol","tld":"lol"},"ip":{"addr":"91.201.41.202","port":443,"asn":210079,"as":"EuroByte LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://s-slon6-cc.lol/","date":"2026-05-04T19:13:06.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"s-slon6-cc.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:08:26 GMT","end":"Mon, 27 Jul 2026 08:08:25 GMT"},"fingerprint":{"sha1":"BF:96:0A:45:2C:C8:D1:7F:8D:AF:EB:E4:1E:35:AC:F7:DE:40:DF:CC","sha256":"78:E2:5D:16:22:3B:66:14:02:09:5A:51:CE:4F:5F:C6:CF:3F:F2:0E:19:F7:B1:76:72:5F:CA:53:FD:EF:E2:51"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: s-slon6-cc.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://s-slon6-cc.lol/\r\nCookie: antibot=5add3f97-04e1-4bf0-b7bb-819eac216ccc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 04 May 2026 19:13:06 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7508,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (865), with CRLF line terminators","md5":"d067632dbc49d87ba4e430a3b20074cf","sha1":"c77f6dea6680b5dd5fc199ebbb515f570429945c","sha256":"2d874988d4537d442c567c7f6a5597ac27bbf9de808dea162b4caa8453b304fa","sha512":"a6fe504e927c15e752b2572cdc36d1c1b81fd7463397f82ace9e5108f4814d18dc19fb2cf3d887fa5da3cf474ce4c23f87fba606b8492382c9fa05655faeb1fc","ssdeep":"192:a0YT7oQ8vZY7dy46/Q32MQNuQwY9CJnR0W7utVd6C0y+Vj4n9dU2lro:/Y7oQ8Ydy46/Q3SNuExWqtD6p","tlshash":"f0f1543316e66ca96154e05bd4117e8cbee740bf67ae0a9134293c6fbfe2170853734a","first_seen":"2026-05-04T19:13:55.163582Z","last_seen":"2026-05-04T19:13:55.163582Z","times_seen":1,"resource_available":false,"data":null}},"time_used":318,"timings":{"blocked":0,"dns":1,"connect":31,"send":0,"wait":217,"receive":0,"ssl":69},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"s-slon6-cc.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}