{"report_id":"2d439a9c-507b-405c-ab57-8d00c8c5474e","version":6,"status":"done","tags":[],"date":"2025-11-15T18:31:48Z","url":{"schema":"http","addr":"slivach.org/","fqdn":"slivach.org","domain":"slivach.org","tld":"org"},"ip":{"addr":"188.137.181.240","port":0,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"final":{"url":{"schema":"https","addr":"slivach.org/","fqdn":"slivach.org","domain":"slivach.org","tld":"org"},"title":"Ошибка","dom":{"size":8039,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (6053)","md5":"eb40c7e73b920c8c1039f591766f42d9","sha1":"94eff4083cdfc43397f1ed710a5bef1054c09b9f","sha256":"f024e1611739bcba2edb616c30a9f3a77e8c1ace333c9cb175f704f70f9f8662","sha512":"4acdcb98fde29d3b8ee3d154e711787c523f52d11e8cbb7a717d4da4230c503317540d94fcdb13f0420003e133644b94585e97d1566632ba10686ef97336dc26","ssdeep":"192:d+aOyfhZeQlVSIt3OlD1yfrGHuTFEegjtOwFWfj:ZiegjtOD","tlshash":"0ef157bee29047b7923b831e654474047e1f6ca3cb225fd1e9a184d157cad602901ffb","dom_hash":"domhashb12cf812b79492e691a26c75b80fd637","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"slivach.org/","fqdn":"slivach.org","domain":"slivach.org","tld":"org"},"ip":{"addr":"188.137.181.240","port":0,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-20T18:31:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"slivach.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"slivach.org","ip":{"addr":"188.137.181.240","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"domain_registered":"2024-11-16","domain_rank":3226265,"first_seen":"2025-08-30T16:57:32.118528Z","last_seen":"2025-10-31T22:42:04.356444Z","alert_count":3,"request_count":3,"received_data":18067,"sent_data":1481,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"slivach.org/","fqdn":"slivach.org","domain":"slivach.org","tld":"org"},"ip":{"addr":"188.137.181.240","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"scriptElement","is_inline":true,"md5":"9bc85089ece6a1cc0433c56f8fffb5f0","sha1":"6950a046d6aaabdd952c7e88b89c32733e92516b","sha256":"8dc48d7a0a76e85b4595fc0049d5c9ae0049a9a87f7f8b33be5c1f10d525e367","sha512":"0958d1a99082f304cf75d48cd5061832b0e5849ced4d419d78435f95e52eaa6b38182285e0a297451d536b3aba807985efccfedc4885718c0e3a61f5be5afda7","ssdeep":"","tlshash":"34c022e27acb08228484201380107a283ce7017dbc02907658a81db070e4246863d9d2","size":189,"data":"","first_seen":"2025-10-06T13:06:30.578927Z","last_seen":"2025-11-15T18:31:49.673717Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"slivach.org/","fqdn":"slivach.org","domain":"slivach.org","tld":"org"},"ip":{"addr":"188.137.181.240","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-15T18:31:26.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"slivach.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 04:05:19 GMT","end":"Wed, 17 Dec 2025 04:05:18 GMT"},"fingerprint":{"sha1":"E2:D9:F0:EF:D4:06:19:35:0A:4D:E4:BF:9B:07:10:1F:DB:AF:AB:47","sha256":"A7:1A:7F:DA:99:17:41:FF:EB:B5:0E:E5:E2:18:2F:89:EA:6E:29:58:1E:77:C7:66:23:0C:42:3B:76:FC:7E:7D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: slivach.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 15 Nov 2025 18:31:26 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=an1rlmc4mivaa6lh7ij4d6ni25; path=/; secure; HttpOnly\r\nstrict-transport-security: max-age=31536000;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8062,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (6053), with CRLF line terminators","md5":"e41c7070218cf49ab9339b76885308ec","sha1":"4d83a351f2ef9f96f980279739a0deff63fd7608","sha256":"0cdddaf9adf94706fc016c5ad6cb6e70c9ee730e380098502c9def79af0f8c8b","sha512":"9fcced3ef3e16aa159644d5792e1eaef4abcc0e9e8bcd0bfd2cf2202f88d933432fb06b55a2c6bd5ef06b6aed917fc919c1c1e5f0243a04a97dd8de2622073cd","ssdeep":"192:h+aOyfhZeQlVSIt3OlD1yfrGHuTFnc/NqLfaWv:N5c/NqLR","tlshash":"26f144bee29446b7923b831f565474047e1f68a2cb225fd1f9e0849257cae602901ffb","first_seen":"2025-10-06T13:06:30.575931Z","last_seen":"2025-11-15T18:31:49.671579Z","times_seen":4,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":33,"dns":1,"connect":16,"send":0,"wait":22,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"slivach.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"slivach.org/","fqdn":"slivach.org","domain":"slivach.org","tld":"org"},"ip":{"addr":"188.137.181.240","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-15T18:31:26.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"slivach.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 04:05:19 GMT","end":"Wed, 17 Dec 2025 04:05:18 GMT"},"fingerprint":{"sha1":"E2:D9:F0:EF:D4:06:19:35:0A:4D:E4:BF:9B:07:10:1F:DB:AF:AB:47","sha256":"A7:1A:7F:DA:99:17:41:FF:EB:B5:0E:E5:E2:18:2F:89:EA:6E:29:58:1E:77:C7:66:23:0C:42:3B:76:FC:7E:7D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: slivach.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=an1rlmc4mivaa6lh7ij4d6ni25\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 15 Nov 2025 18:31:26 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8062,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (6053), with CRLF line terminators","md5":"e41c7070218cf49ab9339b76885308ec","sha1":"4d83a351f2ef9f96f980279739a0deff63fd7608","sha256":"0cdddaf9adf94706fc016c5ad6cb6e70c9ee730e380098502c9def79af0f8c8b","sha512":"9fcced3ef3e16aa159644d5792e1eaef4abcc0e9e8bcd0bfd2cf2202f88d933432fb06b55a2c6bd5ef06b6aed917fc919c1c1e5f0243a04a97dd8de2622073cd","ssdeep":"192:h+aOyfhZeQlVSIt3OlD1yfrGHuTFnc/NqLfaWv:N5c/NqLR","tlshash":"26f144bee29446b7923b831f565474047e1f68a2cb225fd1f9e0849257cae602901ffb","first_seen":"2025-10-06T13:06:30.575931Z","last_seen":"2025-11-15T18:31:49.671579Z","times_seen":4,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"slivach.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"slivach.org/favicon.ico","fqdn":"slivach.org","domain":"slivach.org","tld":"org"},"ip":{"addr":"188.137.181.240","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://slivach.org/","date":"2025-11-15T18:31:26.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"slivach.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 04:05:19 GMT","end":"Wed, 17 Dec 2025 04:05:18 GMT"},"fingerprint":{"sha1":"E2:D9:F0:EF:D4:06:19:35:0A:4D:E4:BF:9B:07:10:1F:DB:AF:AB:47","sha256":"A7:1A:7F:DA:99:17:41:FF:EB:B5:0E:E5:E2:18:2F:89:EA:6E:29:58:1E:77:C7:66:23:0C:42:3B:76:FC:7E:7D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: slivach.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://slivach.org/\r\nCookie: PHPSESSID=an1rlmc4mivaa6lh7ij4d6ni25\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 15 Nov 2025 18:31:26 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 841\r\nlast-modified: Wed, 27 Nov 2024 12:06:35 GMT\r\netag: \"67470b4b-349\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nstrict-transport-security: max-age=31536000;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":841,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 120 x 120, 8-bit colormap, non-interlaced","md5":"ad97228cfa25e2b4cc075b7770d3992a","sha1":"f7620cc02da87c3a85e26268fb8bd2172232fa4d","sha256":"8a58bf72bea1869f3bf8539f4a70e52cdcd9a70f0971bcaf8ba21da519ecdcfa","sha512":"18b586b7a221a04c9267c5a3f5c6795017c7c73017faac93932063f85bbfa0f92b61e1aa6a0faf118f7a72c7b3fe4a3e39fbfeeebaf42a9e1f53ede49beda11b","ssdeep":"","tlshash":"160146e60a8e54755ecd4d214368547cce1e34dc83a2dc94f26158cc7db1d85fef4652","first_seen":"2025-10-06T13:06:30.572683Z","last_seen":"2025-12-06T10:24:09.650676Z","times_seen":6,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"slivach.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}