{"report_id":"26312e04-4516-432b-9379-50b83b7fc2d6","version":6,"status":"done","tags":[],"date":"2025-10-26T17:45:59Z","url":{"schema":"http","addr":"lowrust.hb.ru-msk.vkcloud-storage.ru/","fqdn":"lowrust.hb.ru-msk.vkcloud-storage.ru","domain":"vkcloud-storage.ru","tld":"ru"},"ip":{"addr":"95.163.53.117","port":0,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"http","addr":"lowrust.hb.ru-msk.vkcloud-storage.ru/","fqdn":"lowrust.hb.ru-msk.vkcloud-storage.ru","domain":"vkcloud-storage.ru","tld":"ru"},"title":"lowrust.hb.ru-msk.vkcloud-storage.ru/","dom":{"size":105,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"aebcc340e86f9c3302ff5b8323edf6e0","sha1":"b58e0e7a53a0439b1bfc74bd258c60574d42ee7b","sha256":"061056a9b9e35fdfda55547f78a2f22f1d3d856a7d9ac1de598348a4d05d6d87","sha512":"a79ac8da1b154dce1d6b20c120e67541b0bf794e84fe51bdd5eeeb2909b3ad43f16a088bff14a03739992e7bacf9d5814fafc30b9a5717a77c9b699a9c393479","ssdeep":"","tlshash":"6fb01217b57434195442187bba3af331e004093033c432f59547f18babc2cc24c28210","dom_hash":"domhash2a91dc5e45e671440e67aaa2530226ef","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":"PEVycm9yPjxDb2RlPkFjY2Vzc0RlbmllZDwvQ29kZT48TWVzc2FnZT5BY2Nlc3MgRGVuaWVkPC9NZXNzYWdlPjxSZXF1ZXN0SWQ+UTFtY0VKRGp3ZTwvUmVxdWVzdElkPjwvRXJyb3I+"}},"submit":{"url":{"schema":"http","addr":"lowrust.hb.ru-msk.vkcloud-storage.ru/","fqdn":"lowrust.hb.ru-msk.vkcloud-storage.ru","domain":"vkcloud-storage.ru","tld":"ru"},"ip":{"addr":"95.163.53.117","port":0,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-30T17:45:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"lowrust.hb.ru-msk.vkcloud-storage.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"lowrust.hb.ru-msk.vkcloud-storage.ru","ip":{"addr":"95.163.53.117","port":443,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"domain_registered":"2024-08-09","domain_rank":0,"first_seen":"2025-10-26T17:45:59.199143Z","last_seen":"2025-10-26T17:45:59.199143Z","alert_count":3,"request_count":3,"received_data":1122,"sent_data":1323,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"lowrust.hb.ru-msk.vkcloud-storage.ru/","fqdn":"lowrust.hb.ru-msk.vkcloud-storage.ru","domain":"vkcloud-storage.ru","tld":"ru"},"ip":{"addr":"95.163.53.117","port":443,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T17:45:36.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vkcloud-storage.ru","organization":"VK LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 04 Sep 2025 16:54:06 GMT","end":"Wed, 30 Sep 2026 17:26:07 GMT"},"fingerprint":{"sha1":"1A:06:F8:79:EF:0B:58:C3:83:4F:5F:AA:95:39:88:FB:06:59:C9:E9","sha256":"A6:24:98:DE:3E:5C:0A:C4:19:9E:2D:56:2F:11:3F:CF:CD:21:5C:6B:F9:7F:AE:B2:6E:11:4C:99:88:C6:44:21"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: lowrust.hb.ru-msk.vkcloud-storage.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.20.2\r\nDate: Sun, 26 Oct 2025 17:45:37 GMT\r\nContent-Type: application/xml\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Req-Id: 8wwBdzKCd8\r\nX-Host: hb-bl3\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx:1.20.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":144,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"cee99f2834a24958a1a98b85b8931edb","sha1":"94cb1e109066be8c893bcbe3fbf3515714e2d5f2","sha256":"cbe25a8faab8684ca10dfc027269e5b0c9fed8d9dfcf75f01f09d0b2a00ba7b5","sha512":"ae874776911cbc6138372a4d8554e78738dd5b0b7b09f17799945dd6f373bc9f117bb97e232ea60adafadd3e2552fc139ee1c007f131a6a89b3a26cb822f9ce4","ssdeep":"","tlshash":"4cc02b06f310642908410e76f73ff321e304083023c03bb469c2a8830fc74c10e1c360","first_seen":"2025-10-26T17:46:00.181458Z","last_seen":"2025-10-26T17:46:00.181458Z","times_seen":1,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":193,"dns":61,"connect":43,"send":0,"wait":54,"receive":1,"ssl":87},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"lowrust.hb.ru-msk.vkcloud-storage.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"lowrust.hb.ru-msk.vkcloud-storage.ru/","fqdn":"lowrust.hb.ru-msk.vkcloud-storage.ru","domain":"vkcloud-storage.ru","tld":"ru"},"ip":{"addr":"95.163.53.117","port":80,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T17:45:37.260Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: lowrust.hb.ru-msk.vkcloud-storage.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.20.2\r\nDate: Sun, 26 Oct 2025 17:45:37 GMT\r\nContent-Type: application/xml\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Req-Id: Q1mcEJDjwe\r\nX-Host: hb-bl4\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx:1.20.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":144,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"3f90a49c6c5caa8b2b48a0428c33b276","sha1":"83e46e255db0e73d65841bf2a6d57b0be8e73e89","sha256":"7cfbe493eb277acde103b0ae73c49d96f5687c1d8f97ec21461fda2ba88f227a","sha512":"8f6401ce0727d2eb28d1888cf3bd993667abaeb43e2985db130c92d420a4f8021e85185c41634821d23c45e1cac443d5627a0797cf4f5e0686ecefcba4498d47","ssdeep":"","tlshash":"67c02b02f220742508810d377b3ef220e304193023c032f4a9c3a9c75f82cc10d1c310","first_seen":"2025-10-26T17:46:00.183777Z","last_seen":"2025-10-26T17:46:00.183777Z","times_seen":1,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":38,"dns":1,"connect":44,"send":0,"wait":61,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"lowrust.hb.ru-msk.vkcloud-storage.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"lowrust.hb.ru-msk.vkcloud-storage.ru/favicon.ico","fqdn":"lowrust.hb.ru-msk.vkcloud-storage.ru","domain":"vkcloud-storage.ru","tld":"ru"},"ip":{"addr":"95.163.53.117","port":80,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://lowrust.hb.ru-msk.vkcloud-storage.ru/","date":"2025-10-26T17:45:37.490Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: lowrust.hb.ru-msk.vkcloud-storage.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://lowrust.hb.ru-msk.vkcloud-storage.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.20.2\r\nDate: Sun, 26 Oct 2025 17:45:37 GMT\r\nContent-Type: application/xml\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Req-Id: u9xmUaY4Ps\r\nX-Host: hb-bl4\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx:1.20.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":144,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"85ce9af4133ef7b1ef8fb2631f0991b8","sha1":"b1a503573ecf66ccbddbec39d19855bc23af1b24","sha256":"cd35c8e98907bc52b43e9364565b5778328f3ed5663940926678a643d34bd13e","sha512":"0df72f25a21a234da70dbb20a0d2e7888451c423042431d386e0245f37f4e743b950c1663baa62d67fdb969fffb00546ce95dd77f6ea19411fcfab54a3903579","ssdeep":"","tlshash":"d3c02b06b300641708410f76b73ef220e310093033c026b86dd268934fc38c14d1c310","first_seen":"2025-10-26T17:46:00.185918Z","last_seen":"2025-10-26T17:46:00.185918Z","times_seen":1,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"lowrust.hb.ru-msk.vkcloud-storage.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}