{"report_id":"426b9884-f7e0-41d8-b201-aa48c0a531aa","version":6,"status":"done","tags":["microsoft","phishing","tycoon","aitm"],"date":"2025-09-25T05:10:02Z","url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"title":"​"},"submit":{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-30T05:10:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"h1smxsp.ceshootai.sa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]},"summary":[{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-09-21T22:12:58.000435Z","alert_count":0,"request_count":1,"received_data":61832,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"e18.kiviotio.ru","ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-28","domain_rank":0,"first_seen":"2025-09-12T20:19:08.578513Z","last_seen":"2025-09-12T20:19:08.578513Z","alert_count":76,"request_count":33,"received_data":1479357,"sent_data":43311,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ipwhois.app","ip":{"addr":"136.243.53.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2020-06-10","domain_rank":48917,"first_seen":"2020-06-10T18:52:00Z","last_seen":"2025-09-22T05:06:36.779719Z","alert_count":0,"request_count":2,"received_data":1828,"sent_data":954,"comment":"","tags":null,"fingerprints":null},{"fqdn":"h1smxsp.ceshootai.sa.com","ip":{"addr":"172.67.161.18","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":1,"received_data":1152,"sent_data":644,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"xhyw.frootriocre.za.com","ip":{"addr":"104.21.74.186","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-18","domain_rank":0,"first_seen":"2025-09-25T05:10:04.445864Z","last_seen":"2025-09-25T05:10:04.445864Z","alert_count":1,"request_count":1,"received_data":582,"sent_data":456,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ajax.aspnetcdn.com","ip":{"addr":"23.36.76.194","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2010-10-12","domain_rank":21241,"first_seen":"2012-05-24T13:35:31Z","last_seen":"2025-09-21T23:18:45.449512Z","alert_count":0,"request_count":1,"received_data":89985,"sent_data":438,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"388100a65803f9c3bfc640e0fedf033f","sha1":"5560143b97a0d4fb96b0741c7baa4255086dd56b","sha256":"d267e271103a544452e6c5b8b603181ccb5084d31dd322a74a08a02176892be5","sha512":"8bec41f757caf2f9a3aebb0f4bd6647c16e40f8afca9447ac1a19d72cc09a972c983baea5a6917e81fd4f1e25dfa7bd76e6b3cb2a29be63d12afc04e934a050d","ssdeep":"12288:qzjner4vPWyrrubNBRPUtDN+Nvt0NcCS6E:qzjnhP5ruzRMtoNvtqS5","tlshash":"04a4f10189c82ff99f6c450dd0be1a1ea3e04b9e855b754adb377d47bfeba04021b189","size":471839,"data":"","first_seen":"2025-09-25T05:10:11.231436Z","last_seen":"2025-09-25T05:10:11.231436Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/56q0GXuThn3eYSabiYAx9qkllB6ksy0fMmu89732","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-26T19:32:57.905391Z","times_seen":484681,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d9c6de0df2bf028d93924aff92487904","sha1":"6596050516dd12af52d9b0e7b18ed837f1d81300","sha256":"769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc","sha512":"6be4940eec0dcd70efcf85eb21c5c7b827f4f3dfe2240a0de259ab5c9835f179ddb8a2ba6250c73516a5bf8c9dd4de3438a23cd2d162745faba9314a18fa1615","ssdeep":"1536:R8K6Znxmj9rlvCOhI64j7AtSPtNPU9ArHMLlk:RV6+jKOh4z","tlshash":"65535bc0629c5491a3b76480087f740b7073353b0a1d5aacf658faefacacad6907cd39","size":60819,"data":"","first_seen":"2023-11-02T21:20:28Z","last_seen":"2026-06-26T18:14:10.384336Z","times_seen":31357,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce18ef95caa5677477da88a010850d9a","sha1":"40d1f3b85553e05654a26da71ff05b1bb582271c","sha256":"a51764e44a92c9059cdffa0d54fc47873f467981aa85a5f40c0531eb486ecec6","sha512":"dee8564f013621bcb42243cd227c4e9b992a4ef87ea02a44ebee32949436d7f0271dea9d6a55d44c65d66c1cc6a3e112b6a30f2e971d109848c0871404f4401b","ssdeep":"384:YsQCIdOa1bam0BoPKiw6/JhIZAFwDPBXlcXDz0Ty6dSF7IgudHrhX:Y3b4+a2iihnIZGwDPBu0Ty6dU8gOx","tlshash":"0392cfffdc1624b25f307ca76cefbdcf18b12d41b526c0c13a8a58b44a9a52b05a3875","size":19991,"data":"","first_seen":"2025-09-25T05:10:11.232976Z","last_seen":"2025-09-25T05:10:11.232976Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fbb22f0483889d039b0092f0fb057f3e","sha1":"b85a3bf9ebc2147e7882e55f1bdc7035c6bc260e","sha256":"48650792afbcf14596c768183e494ace7dd29bcab996fe70bd1142937e734c5b","sha512":"c3fd3b75b1c16c80718788c226dc0ad046c57a4bfdbba1d6bed80f34e164db3d0b870b1e00fc708c521338c76cef01f5a89a49683419456edbfa1e12621f7a2e","ssdeep":"","tlshash":"1001d077311b1c7a0cde9dbf94e5fa68781000813d40e881217c8c2dae27c82967f5d8","size":754,"data":"","first_seen":"2025-09-25T05:10:11.234272Z","last_seen":"2025-09-25T05:10:11.234272Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc95e4eac3eb5d78c79f536536319d11","sha1":"949918a9c7cd6732cdba4fe58ca3ac2467c51173","sha256":"a6e35ff7ec561a112cff8a3e30a91eb75b6ab64f1f7bbdad6d07b48e170dee50","sha512":"8f30361d8b66672effb55b3784e0082668c3b784fb77ad938602fe7895412878d1555111ed6daa2195d10056cf8e7f11134e9735e1d41a9b1707960f4265b671","ssdeep":"","tlshash":"fae07d79b1e0a57041ca742ce2d5cee43f7760c81452d948242c8cb031accc41114e95","size":311,"data":"","first_seen":"2025-09-13T08:52:51.225593Z","last_seen":"2026-04-30T16:00:37.101847Z","times_seen":473,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/34b8JVKePOijbFV7i9hyyJJgklJo7ui7ynCGg89110","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ace623e0b30a988ab582c1a5a7fa4c2d","sha1":"e2646dd46fd1888a030689ee380b46712cba1f09","sha256":"7dd58c1c2e1c8efc3de2bd50f34102be5f29c4a777cb3980a19bf42b1571a4f9","sha512":"6f650c2e8cc1f6014fd7f598cf46a3baec225ae9388ab73384f4675a73bc31bcc2b64831d1b20da0a3fc36b3f2ce5e5c7fa76c47f7249931c4a92c7c93a80f4e","ssdeep":"6144:sFTAHYxEQtdzfInhAG4yiqFaFN9EYsYa6C56jSCjDUI7vbN/vSF2M74:yTA44hD1rFaFNeYszZAWkIITRG2f","tlshash":"5e5423a20d9b3a73daad153ed44f0f647ee65ad457ead5dd23c038d2804d5820c8ba3e","size":285370,"data":"","first_seen":"2025-09-24T20:50:08.044543Z","last_seen":"2025-09-25T09:53:10.631214Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"d68ae0047e05439d870edf1286d9b1fa","sha1":"de3b69506f1ab97fa125c5d1ac38f5199808298a","sha256":"74445a4b0eb1c7dd7a7ca33e3bd4374582b422d95b8dc75a89b6300163304cae","sha512":"9d4b43d9a4981d20a6cb10be301949ed32d5cce86423bc16f70640a26cb074bb279f6ea83105fb76b30efb731237082b8165dd1d92ba2de4a8f9cd367331a832","ssdeep":"6144:ZE1wyKlcyiUtctIWCUyK3H1MIaDAe1UyKlan1a51b4Wml6oQBwYLGUt:ZE1wyKlcyiUtctIWCUyK3H1MIaDAe1U/","tlshash":"fb248572175c3e85cd59e804f6bac62d87082833582198e7da1e3ddc3e6d5abd480edb","size":212650,"data":"","first_seen":"2025-09-24T20:50:08.093822Z","last_seen":"2025-09-25T09:53:10.657913Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"1dc5ce146dd6d2c93ca00c76e0cc05a7","sha1":"41820f0bb2cd61663adf963bc6d008a83468a3ab","sha256":"f0d8ce786b9cdde5da2cc57cd71276cfa54da9f9da9d6cf88770f1cbf99e359d","sha512":"ee469f55718c0c4e722fdc701fb89d5f8e9d80bc023de9307a04117b561416dd0a9b0ab7263de957b4438812fd9ed88820db2d1837925abd22b9a8bf8ed1cb68","ssdeep":"3072:cTeYGA5KYmPYJpYYqJpTFDYYAJEbnC52DWAqWwfyF6b9cdZqRoIItKBWSPt:ciYGA5KYmPYJpYYqJpTFDYYAJEbnpR/G","tlshash":"24f3a6571fa05aa923990abf322760e9f806182c35429edfd11cfca465e6313fdf5872","size":159477,"data":"","first_seen":"2025-09-24T20:50:08.081866Z","last_seen":"2025-09-25T09:53:10.669717Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"ab8b1364858747cdd8f17a8f95857d84","sha1":"c49034c48f8011faed179f4147c077eaf6bbd95f","sha256":"17711e589a98269a5730d7c35df1d82cfd0993d9a826fc225400c2c4bfcf5f4a","sha512":"4d9ac4034182ac9153a2ac2155a706b21a96e3c9e376b5e819c167b09a6da4c927ec5dc1083926b22e0acc88bf3b826fc7b9159c6f113dcc2c62b0f02b8663c3","ssdeep":"","tlshash":"1b61635ea0065572a233b3bed7b6e605fe3b863b00818a247cac05203ff55551285fdc","size":3459,"data":"","first_seen":"2025-09-25T05:10:11.241227Z","last_seen":"2025-09-25T05:10:11.241227Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"e651356d7358730695ce8a0a9bacb60e","sha1":"3f4d2e1756f7ebb0aef366e29e677cd227ff555b","sha256":"b022183655318bdb31f3237c3e5e59aba5c038dd649412dc5c32e74c0c5e867d","sha512":"e46b77eaac7b27e1bffcf0c898dc7f5b047821e9975aa0fd63523503c77c9d8c17de3f6c52df71154f9f68b8088eeb9ca5925251b912f5f3ce72f142b4d874d9","ssdeep":"768:vJHX2/5qi14qGjMqYHF1aDvP14qGjMqYHF1aDvP:vJHGMqGlqqGlP","tlshash":"0bd207169d132e1e8760617674edc6e59d3d63cf348200ed283ee6c5dbb988268e1ecd","size":30565,"data":"","first_seen":"2025-09-25T05:10:11.244154Z","last_seen":"2025-09-25T05:10:11.244154Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"021c6d5c4380500b55ddd674209b80c7","sha1":"337426a8ed7fe83925c7631d3422b35be0968c64","sha256":"ec6e9a14d5dc47c1338f3130cafe380f075a08bebcec803a4a412f7f794c8f7c","sha512":"559d529df1bc39148de047e3560b5cc3924f1bb935caea61b426f89afe70c33741b81eba0208112dd1b9914509a5ffb0ed62e8217493c362b0cc1dc076884546","ssdeep":"","tlshash":"1d11ef1a7076a6780b87ecd571a3b19e46712a30b204ecd2554ea40956efd74ca7f0d4","size":1078,"data":"","first_seen":"2025-09-25T05:10:11.24597Z","last_seen":"2025-09-25T05:10:11.24597Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a6739f5c33345f2b0e2943b1100a4bba","sha1":"82946f6121001d3326fb290f453a6cb821f8cf67","sha256":"2a6b0a6f4aa32efc120e2433421a95dd8f78fe02acf1d6e961a294cd59378d1b","sha512":"835b0d41b38b80f25ceb44cfdd1ad64c051a730acc5bf8154bc1198a0f3472814fc3542122da271843cf58da9d90c3380395a6208f10a212d344d7851aa95b61","ssdeep":"6144:L5x7qkrX3qbmg+JuhrPGOOu79MF5htBRWMgmdh3A/UTbn+bkx3k3k7FxD1HwsS0X:f7Tmbmg+JeGnEMF5cm7A8TYkx+YR1zS6","tlshash":"ea7423b4dac55dd340d40ac7e1fb0b7717d952d3dc18166dafa01842a02ceb28faa7da","size":353803,"data":"","first_seen":"2025-09-25T05:10:11.247925Z","last_seen":"2025-09-25T05:10:11.247925Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"a360108b87d629df5c2f7cd74972dfd3","sha1":"b4b5e49d45a2b040289663d14090c2bd72143193","sha256":"1a03abc1823a74a48a39befa48a7dc377ad680c8db718a6b3f3d09a40d4b1a5f","sha512":"8cd1d0c40e0e12a7583241a883472195a6e118cde6ae1315d0d8f77e6ebb14cd6b9af5039c3a902c57ac1ba74920bc219e31ef5a1ee427a8423db2a985ff7dc2","ssdeep":"3072:mmtS1AAWqvoMFkXYaVSjDdO15IYMU+8bdawEn9AIdHdVoUA+yxUhNXeC30lWqadM:EFkzV48bXRNkLMU1Dk9ERqh","tlshash":"02449e0a9b941ac4eff8d703d079952d5171878ee984a4cde3333e87ab2fd39528958c","size":264467,"data":"","first_seen":"2025-09-25T05:10:11.249427Z","last_seen":"2025-09-25T05:10:11.249427Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js","fqdn":"ajax.aspnetcdn.com","domain":"aspnetcdn.com","tld":"com"},"ip":{"addr":"23.36.76.194","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-26T19:32:57.905391Z","times_seen":484681,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fdd836519a9de6e00e69504e019fb091","sha1":"5814fe94dab6229d15980ef95127c33ea09efb97","sha256":"5a8a2d94513ed1fa89730da8df865b01727e0f05aca405d55b37171d4b43a722","sha512":"cb5bfffa9fd6f6d5d2f93fcc4cad26bcb05cc3cbef87b1318aa0368a54bafee027c8cf865da82ba0e56fc6e77ca2a1a0a0d45f0b62b8dcdf2dda972f5ed18fc1","ssdeep":"48:4il+fvTeGrzFGCLASYLtiGWLASyLtErqN0sIeJEHbdiZHp9bQeDMhcqct/maq86w:/l+qoFEDi4V0OBSOHjMSCYdkSwCYdcv","tlshash":"0f91fe8b60665f8321b338065acb563936774aeb5a4cc103394ca5567f3061f42affad","size":4451,"data":"","first_seen":"2025-09-25T05:10:11.250877Z","last_seen":"2025-09-25T05:10:11.250877Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/340bawlC2mRh86A2cFnwN5gbij6y8Wr1wA4avLL689747","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c20a2be8ba900bc0a7118893a2b1072","sha1":"ff7766fde1f33882c6e1c481ceed6f6588ea764c","sha256":"b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500","sha512":"8f80ad8adc44845d24e13d56738a2ca2a73ee6fcdc187542ba4aaebbf8817935d053a2acfb0d425b9cc0c582b5091e1c9fe16b90b3aa682187645067c267fc41","ssdeep":"192:LRSvXVHfVj+WdqfkkoKhUBhMAcT6iuvBiFj0gba6qiG2pPj:LQvXVHXiNkMAcT6i+4mgPj","tlshash":"ce22a58932933026af5391b440bf140af2f69589d45cade8ab29d1e27d7290d46f7f38","size":10245,"data":"","first_seen":"2024-05-30T22:56:13Z","last_seen":"2026-06-26T05:09:40.534567Z","times_seen":52655,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f6affa6cfd9bee6c94e2c352e2cd341","sha1":"2a274be10f679784ece8733cf1ecebde957bdac3","sha256":"b8bdafb02a6eb476dec06a0a818f119b7ceb77ff610802b7994d056c0ba887d5","sha512":"6b8149b6d464b5c97fc139ce3bfaf598d52c63f3bea241e697f5136a6dbd9fdfe5fffd685074a89832408af08bb61af6b0a28fdb3bb95230d477307325b0b9de","ssdeep":"768:OzByRIBiElI2NjGrEnp/rbfbfD24G9PdJ+1daq2KEji2:QByIiElBlGMpHf24IH+1d7xf2","tlshash":"9b13f1744471ce04e3f9767db48fbc657c08ef62ba25dcec4725e681ad067012838baa","size":41960,"data":"","first_seen":"2025-09-25T05:10:11.25274Z","last_seen":"2025-09-25T05:10:11.25274Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa7baddd38227c8a30ed84af26a7d289","sha1":"d12ac0d196deaa7554eb4b61d591b088d9c2d359","sha256":"643a6d8bc12095c377953d8a1e3bc9ff664940190387004c8dee1fe3db397a13","sha512":"5095435c3603bdfada5067f9a352a8ee45c789d0842e59731e16f25c23b3d2feaedeb590b9ed76ebf3e1ab545c250da9a2d99ce9e8c4c3ccb3f1c85442bc82ea","ssdeep":"1536:GiO6NR2VfwdRXI8LrE0wggujTiq7oQV1YtRh:PdWfS7UxgDTJ1Yt","tlshash":"e443e120c8d96f90dfbd581480f5031abbe140a55867350feb86bd4effaea52470a5e3","size":56051,"data":"","first_seen":"2025-09-25T05:10:11.255087Z","last_seen":"2025-09-25T05:10:11.255087Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"4c83c7ecd3896c6000547763c813781f","sha1":"f51326eaed7e640ea61cc81accda691093e8301f","sha256":"c0b58c8167ebf438d95ba37b182931dcedd6372852759110e9ec6e69297ef2fe","sha512":"1d1c83d4e804b9a5c809c7ab64fba3467e743c6cf52b97643d80820caefdaaeb07b4aaeb43a3c463d67b24f93dd5dd5c7e7328b6813c012706ddb4ee91a64b20","ssdeep":"384:Af+G95L637XNcl1aHgc8iIieMi4iZzNikqB/W:AxHLoxlQVZYkd","tlshash":"0d52529a342114708af727f7b2b74284f83461376a80d522f4bcc9592f71dd1a2b7ee9","size":14108,"data":"","first_seen":"2025-09-25T05:10:11.25672Z","last_seen":"2025-09-25T05:10:11.25672Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"a6fc8d1c7399e1cb2abb038ee956959b","sha1":"18f04cb7884678945fe486c525ff97e63550b942","sha256":"efd4b0a74a3d8cd14074ca1daed0ccc852b14361535c0660eab1f64b74749db0","sha512":"1a19f1e4b2b0d41b1593b18ebfefd954e5d794da4a4eddb7aadb84db658904049084841409ab39002ae58a04ced446ceb3c7d12284c5623fb4c0c73a14599034","ssdeep":"3072:jCcLB3cnIZjlPeYGo2NfqDW8l8RLUO7O+2AlXPuGvjqi6GGU/+sKqHRyRgy:jCcuuZPero2Nf78MwQ28Pnb+U/+sjRyZ","tlshash":"c8149e72a442982b958366f0efb22b8f3fa1c547c9c34146d2f8c39c47c6f55cd4aa69","size":196786,"data":"","first_seen":"2025-09-25T05:10:11.258113Z","last_seen":"2025-09-25T05:10:11.258113Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9dbcb4dbf028b109bb5b06639bb1c30a","sha1":"4bc1e33fd5b71833067e890244d30adee2aadb7b","sha256":"e3f9c518f5f9c7822a87fb1b29ebb0842e48de92520bc4de33d8269f0441a059","sha512":"41092ae1233a2e5fddf5e140bec102ccf37f02ac6d314e291ba713b01cbd9e4cd2b690db191f132aa0e0fd0568694e2208215a8d33f7c8fa94facabde09cb513","ssdeep":"768:bzByRIBiElI2NjGrEnp/rbfbfD24G9PdJ+1daq2KEjim:HByIiElBlGMpHf24IH+1d7xfm","tlshash":"f313f1744471ce04e3f9767db48fbc697c18ef62ba25dcec4725e681ad067012838b9a","size":41977,"data":"","first_seen":"2025-09-25T05:10:11.21516Z","last_seen":"2025-09-25T05:10:11.21516Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c31375fd5485668f00dd50c7f9e1ef2e","sha1":"7a1c2248f7376f5d52a5ad95d72ac342971b9731","sha256":"70c8f1431c2a6ef77e8160c1fd728870e18ddd28906bf27ead259b9a55c934fd","sha512":"7061912bcb36ffd06bc602daacf9d38fa9acd22d2370bfe13224ea17107213dc0b8ec0b29b5eebf59047844d2d9bf536dd6abae09f6d48456e69aa4ce5b3bfd2","ssdeep":"48:uj8IHU0xvAqr+KcQDL34BScpL3STL34BSczL3WOqN03YeJXHEiZmddj1oQSqCIh0:ud3sKcG4ocNA4ocfZOoLmOqCImgv6","tlshash":"6da1cf8b60195f9321b23e1596c35679ea3746fb5a44c103394ca8563f7060b42affad","size":4669,"data":"","first_seen":"2025-09-25T05:10:11.259391Z","last_seen":"2025-09-25T05:10:11.259391Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a3207fc7ea31f8a4f4b3073dd62174bb","sha1":"bd6c6449431f362ef6125c909a35a4f03cc24506","sha256":"5ed86749e1e8b781ae07e14c68a48ccfd055ef3e83262ae2e0c8563777b93f61","sha512":"887fd151ebb0a6bf562350d4119bd26a004226d791de3cac57f3d9d876602c8fd2719fa2a276baf63e1b543de5760b3a7ef69d7044085e50c163fa449d1a6999","ssdeep":"6144:I5x7qkrX3qbmg+JuhrPGOOu79MF5htBRWMgmdh3A/UTbn+bkx3k3k7FxD1HwsS0p:q7Tmbmg+JeGnEMF5cm7A8TYkx+YR1zSy","tlshash":"e57423b4dac55dd340d40ac7e1fb0b7717d952d3dc18166dafa01842a02ceb28faa7da","size":353820,"data":"","first_seen":"2025-09-25T05:10:11.21346Z","last_seen":"2025-09-25T05:10:11.21346Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"e18.kiviotio.ru/font/assets/proximanova-sbold-webfont.25ecfa3e3cee8643c95e.ttf","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:54.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /font/assets/proximanova-sbold-webfont.25ecfa3e3cee8643c95e.ttf HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/drXjbEVVLbAj1HnXmTFgtBQ26ZHPam28ibMkg4Nd6bJChexV6gE2rscA4ht7ULe4nDSypqNnpNYm9QssFdMJef720\r\nCookie: XSRF-TOKEN=eyJpdiI6IlROMm4zeEpndnI4cXFvamJhWmVyQUE9PSIsInZhbHVlIjoibmdUU002cHZ1T0lKWm96Q1BNZjVPRmdaT1VucHlIYk1GYmVJbW9SVnZzUUx4Q1kyaWpXQWtvUHIxOUljdFYra0dsYUdQQ1UyWlQvWE5qSnZKTERKMTdIVjE5OXZjc2tDTGp5ZUIzK3h1WjhJdVlsalNaWjdjRDlMVVBBWDdxcE4iLCJtYWMiOiJjNjVmYjgwZDlmOGNmYmM3Yzg4YWI2NTRhMTRiMThhYzEzZmU5ZjI1YzY0N2I4MDRjOGI0MmVmNGFmMzUwMmE2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFLd25LVnRjaWR4ZHZ2Q0V5T25vbXc9PSIsInZhbHVlIjoiOUJFSGJwTElveDRITm94SUJ3UUpwdTRtTHJ4YU5sdTB2YjdyUGpDOGhTMG9CTzdDNmJUYW00TGRkc2pLUmNRckVVc2VRTkhsbDB2cVd4YWhDMEIvTUlMT0hwQVQ1Syt0K09SWWNvS1VaL3VCNHNkbGZ2UkIydW9RcXNzZncwSk0iLCJtYWMiOiI1YTNkYWI4OWZmNjFkNDY0NWY3YjQyMzA0YmQ5YWFkYjZlOWM3ZWNmODhmYTJiOGI0YTQzZTA4MmE0NzdjZWUyIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:54 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c2FfMs3z2P2prJu0P41uPGj%2FiipHSUgGUEipmd2amxqClw1e4ja%2FexxT9W1XO9d%2B2qgh8WGoXszgaBbQ2okLmNmauHmIsEoN\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjdZNWJNcmc0M2ZJQVExbm1JN3ZsVnc9PSIsInZhbHVlIjoiQjV3NGJ0UnpsL2pLMkRiMW5XQmN4b2ZDcW1QaHNva0JudmR0VldraG0vUE1kaVVxU1kxYzdvc0UvTFhIYnJ5TzlpbFFnT2Q3ZlZFQTl1VDNFZzJjcVRHdEtqOXdyZmY1NGpvNU9uQUhWQ3JRTEZ6QzhwUVd4c0h2OUVYL1lWWmoiLCJtYWMiOiI1MzI4YTc1MjZhN2U4ZDFhOWE3OTZkMzZkMTE3ZmExNzE2YTVlMWIyNWNhZGYwNWEwZGMwZmZhOGZlZWQ4ZjA5IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:54 GMT\nlaravel_session=eyJpdiI6IjhvNkZIVDZUNWxUWWRyMCtxWXVNaEE9PSIsInZhbHVlIjoiYU8vSGMrM05HREZBcU0xdkVsa3pkM3JZZ0NaL1U3cXUwb0FiMi93Qm11RktRK3hobEh4WkFNdnBDeEJXOWlkYTM2Y2d4VlhCZXpMQWd5c2FmVVFWamxpRGVyd004eTVzV3N0dDc3Vld2SG5oNlJiVGF1d1NDRk5LU0VZbXZsdzYiLCJtYWMiOiJhYmRjMzYxMjI3MzAxOTNiYzg3NjFhNzA5ZDkwNjAwZDdhYzlkYzVhZDBkMTI3ZWI1YjFhZDRkOWU0NzdiZGM4IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:54 GMT\r\ncf-ray: 98480315982e0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1366,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1366), with no line terminators","md5":"0707ad04595045fa2054e4a7b977effe","sha1":"9e034a972494b7765d47f556d71e089d9d3f3fc1","sha256":"9e99d5b378726a9137a461f9a5baefde2a70984ae64dba40eb9c8af0be019a74","sha512":"7f335f1fcc9214b890965735aaf3a41d0f22bf7ca981112fcf4a399842a857447b3bd7893902ab39021174b5f2c37437de32ae946554cabc8246d9b913c42e9e","ssdeep":"","tlshash":"802172a7b259683c070beed966e3f16d46285921f344d8e2874da80604cf6b4ccff0e4","first_seen":"2025-09-25T05:10:11.185364Z","last_seen":"2025-09-25T05:10:11.185364Z","times_seen":1,"resource_available":false,"data":null}},"time_used":519,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":519,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-25T05:09:47.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /Y3Jle7cp5@zKAM/$abc@rd.com HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nCookie: XSRF-TOKEN=eyJpdiI6Ik1SY3JuUkFFMnNQWEQreXprTURid3c9PSIsInZhbHVlIjoiRmNpV1VWTGlGczQxdHlWRW1JdXMvdlI4OWNmMmFLU01acUtKWUNOQzN1TXcvQ2pBM0Y0WUlDZGk1dFlEcGYzWHBHQUozVkZnV3dMQ2I3R0FQSmRWRTBMZUNGckQ4c0tXYTMxOFQ2VWhiR1p4R3VJTlhmVitWb0JGMkZ2ZUVMbm4iLCJtYWMiOiI3MWU3ODY1YzA0NWJhMWM2NDEwYzIyMDlmOTZjZmE5ZWJkMGQzYWViMmMwNzgxNWUyZTEwMjY3MzQwMzk4YTIyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhCaG1XMExDODg4RnY0bXlReTVhN2c9PSIsInZhbHVlIjoiNXJzTi9VaUlOZVBKZW9vaCtreE02SmQzaTNtWnZQY3pNVHFRcTBsdTF4WGRyRzlIRkNmcC9DWDVxOTdYYmNLZHp5QU9ydzhZVmYwUi9kN3NMWHNCblhEWWFrdlJFTFNsanBvTUdFT3FFSnZ0NlJsRDkydk1CNHRRSmRJdkg3OTYiLCJtYWMiOiJlMWJlM2UzY2YzZTQxM2I0YTA0MDYwZmUzM2JkYTllZGFmNDc5ZDcwZmI4NDllNmM3NTAwMzJlYjQ3ODQwYjkzIiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:47 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5H7M0dmiDqfi3AAQ49GY%2FOv1bIDI2Al03Xl9RLt3wIKP%2Bs0%2FSIuBefjwsJGNYvoViCxep%2FQX54ro6Xb9NHjKuT%2FQgjl8aTk5RZM%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjY1QVlzOU8wMGRkR2I0VHFCQURXNGc9PSIsInZhbHVlIjoiNXRDWVR0WG5zZGdXdmN3WWg5bnI1dGpUM0tqNE51QmxFSnd2VHkwZmcyQzcrTWNEaFpkb1oyS0xSZ0tYMkFOS3p2dWZIRlpxbnMvZlhkNUxPaGtwbDZOeUNhY21iRVRvYzNFOXg2VkRlU0p4Y3FaWnhrT1lveGx6WHdjejJ0cjYiLCJtYWMiOiJhMWE4ZWVmNTE1MGE1ZWVlZDBlNGI4MmI1MzgyZGU4OTIzZjZjMjA3ZjE2YTNhMGQ1ZWNjYjA0ZjA3MjQwMTkwIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:47 GMT\nlaravel_session=eyJpdiI6IkpwMG9DUFFJZjlkeThRbTUwa3RhQXc9PSIsInZhbHVlIjoiMFUwMU1wME5SVFJVZ2VQYU5acm9IQWVMdGxUR2Q5NGJYTTF1dk1Ed2ZlR1VvSlJBSWhScXY1MFhBcXh2OERwb2VjczNldXZOWDc1OExOOXFydjA5ZHc5aE4rWHMzZGk5bWllc0dZVjR4ZnhhMUFaYWxpWHZnL1Z1SlI1RzhjZWkiLCJtYWMiOiJhZTA3MWJkZWI0YzU5MjcwYTU0OThmYjE4NDczOGJmNTJjNTg0OTQ4YTU3NzA3NGExYTZjM2FjN2I5YTJiOGMzIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:47 GMT\r\ncf-ray: 984802ea3b020883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6035,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (6035), with no line terminators","md5":"8b24ea560ab15c36b94db7dc7f8e817e","sha1":"d1f0352c85c77a3175acce5871cf454132ee734e","sha256":"136d1dfd5afaf1c6bc26b43945412a419120a54ce3cca08266deae66cacebac1","sha512":"81a0738f4c2fc33d230429977ee5dec55cdb17e3a140e8f498ba036eb44586422e48c8bf4a22a9844188f8eeff7bfe5ee416e2392235a57ab291ba7f7f937ef3","ssdeep":"96:s+efM+lLiu/6HRT4zyriVcZcVBA4aenJNtawIQfv/tVVA7VOADwLYDlBr:H0jAJ4ucVBAxAaLQfv/tvmOHLclF","tlshash":"74c17d98f0023770813020d728d710121d669f82b56f78daba5d884c1d5bdead4feefa","first_seen":"2025-09-25T05:10:11.187007Z","last_seen":"2025-09-25T05:10:11.187007Z","times_seen":1,"resource_available":false,"data":null}},"time_used":582,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":577,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/GDSherpa-bold.woff2","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /GDSherpa-bold.woff2 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff2\r\ncontent-length: 28000\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-bold.woff2\"\r\ncf-cache-status: MISS\r\nlast-modified: Thu, 25 Sep 2025 05:09:52 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vVY5YdFoieYoqd3%2F1geiWGvv7RU%2BKhYlr86WlfE7j64faifxoMDcGP5V3jm7muaCmGMG2qIDLTu2MeIFjBZZNtmj568tneDs\"}]}\r\ncache-control: max-age=14400\r\ncf-ray: 984803094ea60883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28000,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28000, version 1.66","md5":"a4bca6c95fed0d0c5cc46cf07710dcec","sha1":"73b56e33b82b42921db8702a33efd0f2b2ec9794","sha256":"5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f","sha512":"60a058b20fcb4f63d02e89225a49226ccd7758c21d9162d1b2f4b53bba951b1c51d3d74c562029f417d97f1fca93f25fdd2bc0501f215e3c1ef076810b54dd06","ssdeep":"768:NDT1rKvlJOE1AgLlnGj8H58AJUcl5I17ML7FfNHubNIphqb:NDtKvyAhjHeACcl21YL7KNW+","tlshash":"cfc2f1878fd02879a72dfeb80252903197d00de93fea42318d99b70fe683987515e272","first_seen":"2023-04-09T13:59:19Z","last_seen":"2026-06-26T15:44:38.981206Z","times_seen":95421,"resource_available":false,"data":null}},"time_used":806,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":664,"receive":142,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"ipwhois.app/json/","fqdn":"ipwhois.app","domain":"ipwhois.app","tld":"app"},"ip":{"addr":"136.243.53.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipwhois.app","organization":""},"issuer":{"commonName":"GoGetSSL ECC DV CA","organization":"GoGetSSL"},"validity":{"start":"Mon, 03 Mar 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DA:0D:F8:C7:BC:78:BF:B3:E9:22:38:83:EF:17:2A:D4:7E:FE:F3:03","sha256":"3F:17:1A:79:09:FC:1D:D8:C3:08:8A:FA:52:A2:B5:D9:DF:B1:B5:E0:E5:4B:66:A4:E4:84:9C:07:1D:35:31:C3"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipwhois.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Sep 2025 05:09:52 GMT\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\nX-Robots-Tag: noindex\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nContent-Length: 661\r\nServer: ipwhois\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":661,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f1acc81ec10337a39bb4b3005087d41f","sha1":"230252b2fa0d417f2f87331f5a5169878bab2cac","sha256":"c372200143b550d497f9ad5079bdf67e981d7b678d8cee0fe0a7d6d6b66ef617","sha512":"9425b6ede9c57b66a5944a7c3498849f1c43f57b95f7cb053dc0cf358815874f6ff946cf1e470dfb05cadcde4249280f6cb2b07834ca3b3bec27b8fab49085b7","ssdeep":"","tlshash":"76014779207ceeaeec3dc3d4a09da28e177e9207d6c685c687ec5e9cc2c428aa040117","first_seen":"2025-09-25T05:10:11.189983Z","last_seen":"2025-09-25T05:10:11.189983Z","times_seen":1,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":92,"dns":19,"connect":25,"send":0,"wait":25,"receive":8,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/GDSherpa-regular.woff","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /GDSherpa-regular.woff HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff\r\ncontent-length: 36696\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-regular.woff\"\r\ncf-cache-status: MISS\r\nlast-modified: Thu, 25 Sep 2025 05:09:52 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7JiUk8s%2FWKjibtsVzHbNkpyqjRFqioeY0Nlv8vt%2FhFTeKgBC1hPMl1wWhATMFNiujaur2bgzlS95SKhmf8qVwyr41Hq2fwZdXfg%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-ray: 984803094eaa0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36696,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 36696, version 1.0","md5":"a69e9ab8afdd7486ec0749c551051ff2","sha1":"c34e6aa327b536fb48d1fe03577a47c7ee2231b8","sha256":"fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf","sha512":"9a0e4297282542b8813f9cc85b2ccb09663ce281f64503f9a5284631881da9aacf7649553bf1423d941f01b97e6bc3ba50ab13e55e4b7b61c5aa0a4adf4d390f","ssdeep":"768:lvJo4KciQZYjebVq19lKPtHAQ/l4rj2bqkiHShpeSUOR4OqWOgaU:lhH3rVq1PKP432tSSh4SUORHqWcU","tlshash":"31f2f15d76443e8cf06a245836ad2dd6a423171247138f8709de72bbd14f120f65aaff","first_seen":"2023-05-09T17:48:02Z","last_seen":"2026-05-28T17:38:34.607818Z","times_seen":90436,"resource_available":false,"data":null}},"time_used":903,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":697,"receive":206,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"ipwhois.app/json/","fqdn":"ipwhois.app","domain":"ipwhois.app","tld":"app"},"ip":{"addr":"136.243.53.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:54.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipwhois.app","organization":""},"issuer":{"commonName":"GoGetSSL ECC DV CA","organization":"GoGetSSL"},"validity":{"start":"Mon, 03 Mar 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DA:0D:F8:C7:BC:78:BF:B3:E9:22:38:83:EF:17:2A:D4:7E:FE:F3:03","sha256":"3F:17:1A:79:09:FC:1D:D8:C3:08:8A:FA:52:A2:B5:D9:DF:B1:B5:E0:E5:4B:66:A4:E4:84:9C:07:1D:35:31:C3"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipwhois.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Sep 2025 05:09:54 GMT\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\nX-Robots-Tag: noindex\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nContent-Length: 661\r\nServer: ipwhois\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":661,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f1acc81ec10337a39bb4b3005087d41f","sha1":"230252b2fa0d417f2f87331f5a5169878bab2cac","sha256":"c372200143b550d497f9ad5079bdf67e981d7b678d8cee0fe0a7d6d6b66ef617","sha512":"9425b6ede9c57b66a5944a7c3498849f1c43f57b95f7cb053dc0cf358815874f6ff946cf1e470dfb05cadcde4249280f6cb2b07834ca3b3bec27b8fab49085b7","ssdeep":"","tlshash":"76014779207ceeaeec3dc3d4a09da28e177e9207d6c685c687ec5e9cc2c428aa040117","first_seen":"2025-09-25T05:10:11.189983Z","last_seen":"2025-09-25T05:10:11.189983Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h1smxsp.ceshootai.sa.com/eijfwzxtvnsdaijfppqgkdpWSkBcSnDBzTVSJSYQQEWVZDXDPRVURPETUQQWMSZGJOWFUTRASLZDNPPHANILrsZY13hjpVibUs4Fjd5N34qeYqcohwx32","fqdn":"h1smxsp.ceshootai.sa.com","domain":"ceshootai.sa.com","tld":"sa.com"},"ip":{"addr":"172.67.161.18","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:54.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ceshootai.sa.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 18:17:36 GMT","end":"Sat, 13 Dec 2025 17:52:34 GMT"},"fingerprint":{"sha1":"6D:21:BC:63:D3:6B:E7:DB:A7:2A:8C:FB:12:B5:86:59:93:E9:A2:11","sha256":"B5:0F:8D:4A:CE:0D:6C:C4:18:4D:78:C8:87:20:EE:E2:38:ED:B4:80:2F:F4:07:05:FB:05:27:80:08:BD:87:06"}}},"request":{"raw":"POST /eijfwzxtvnsdaijfppqgkdpWSkBcSnDBzTVSJSYQQEWVZDXDPRVURPETUQQWMSZGJOWFUTRASLZDNPPHANILrsZY13hjpVibUs4Fjd5N34qeYqcohwx32 HTTP/1.1\r\nHost: h1smxsp.ceshootai.sa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nContent-Length: 99\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:56 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\naccess-control-allow-origin: https://e18.kiviotio.ru\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rhDAxiyX9N6Dzm6G0vXW4%2FR9yOvaJ1%2B8KZAGSuuNTALRYppIDrKVmEEiucKcmX1po8GfsOfcu8bRBcBRZ5U5jA48tEzLM5kZF1ILTOhI8waQkmstcGQ%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9848031c58bb56ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":536,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with very long lines (536), with no line terminators","md5":"b700a2408fff4601b18b91dd7b1adf0f","sha1":"294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc","sha256":"23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6","sha512":"7f1c6139275ac268dca430a91a35177adfa7e1e46114a3cf084605db02294b3450e6f9ee4de7ad18353483dbcfdbaa20c83c2cdccac7603024797d5fe53779df","ssdeep":"","tlshash":"fdf075afb211b0845a0d8108c05b9f836d804e311b012fa986d8b32d8d8bed240573bb","first_seen":"2025-01-27T23:50:46.76269Z","last_seen":"2026-05-07T15:41:47.866738Z","times_seen":29677,"resource_available":false,"data":null}},"time_used":1464,"timings":{"blocked":338,"dns":60,"connect":1,"send":0,"wait":787,"receive":0,"ssl":275},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"h1smxsp.ceshootai.sa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"xhyw.frootriocre.za.com/shapaki$sogjxfi","fqdn":"xhyw.frootriocre.za.com","domain":"frootriocre.za.com","tld":"za.com"},"ip":{"addr":"104.21.74.186","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","date":"2025-09-25T05:09:48.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"frootriocre.za.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Sep 2025 19:27:38 GMT","end":"Thu, 18 Dec 2025 20:26:31 GMT"},"fingerprint":{"sha1":"93:47:83:58:71:2A:C8:24:38:0E:47:2A:26:7F:CC:77:E0:62:8E:E8","sha256":"FD:35:5A:CD:51:E9:1C:01:55:33:B9:A5:6E:B6:8A:3A:37:26:FA:2C:57:A7:E6:47:1D:85:98:70:C8:32:9F:75"}}},"request":{"raw":"GET /shapaki$sogjxfi HTTP/1.1\r\nHost: xhyw.frootriocre.za.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CE8eheuJnwoHKEAd9U0yZ%2FUwtUohUFXODAtgWVkQG1ve42HLA3UH%2BEWH6Wa8QX2GNYSH2G1mB29TCrmIJzl%2BELZyVDCPETT%2FX4t70SfEFIXUomP97soA\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 984802ef8ac535a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-06-26T19:28:44.661897Z","times_seen":115991,"resource_available":true,"data":null}},"time_used":995,"timings":{"blocked":73,"dns":55,"connect":1,"send":0,"wait":849,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-25T05:09:49.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /Y3Jle7cp5@zKAM/$abc@rd.com HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IlIzRjlWU3dCZzRrNElNekJqZ0hPOVE9PSIsInZhbHVlIjoibW1DWmxKWkNISWxnN3ZwM052VU02MFBuYzNRMTgzQ2VydGJ4aUJ4aXNwbnMySVBnWTNlbDRvbm0yNk5xR2NNQXh2bUhySWxvaUNWclBXd0VjOWl4TS9TNkhndHBPVS9uUm9wU2dHczVlRXlQcTBBOHZIRkUzdmhoTkF2bnVDaGIiLCJtYWMiOiJmNDliODgzYjljZjdkNGIxZWE5YTVmYmE0ZDJmMDU0OGFiZDEyZDMxNGZlYzczOTYxMzhmODM1NDc5M2ZmNWQ5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Inc3TzRpOGhPZ1N4WVJDd0ZSR0VjNWc9PSIsInZhbHVlIjoiNzYrOVBOb0lpRHluTEZjZGx3MkJYWllKbHYrVFo4QkxKQTZiMy82b0xUR2ZqMXFVYUQ2NHU0d1JUTmdGTmdYZVEzdVVLVEdhOGR6UDlTejJlNml5SkE4Qm01VTU0UmNjWWRjRVJWUjFEbElyZEh1aFRMNmhaZ3R6Q1R4cHhNcmQiLCJtYWMiOiJjMDBmYmMxY2MxYjVjMmJjYTAzZWE1ZThlMzE0NDZlZWYzNDNjZGMwYTEyZTZlZDg1ZWJjMzA2MmExYjg4NjcwIiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:49 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3SUhon9c4vxmIvXnm6hMY7BhICrCLFufNHWmjWToORXY4eg4BbQ897GmJQ4RCI0BHkDydFaobE%2FHNYK0QvhNd%2BKJ8rfJGjq6\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Im10cXJmeTFla2VVV0Uwc3JNbEpiNmc9PSIsInZhbHVlIjoiaHJXTDFDQjZHZFlhTE5QeHNwY2RyczRVM0FpNkpKc0JGSXFqSTRZM2QvTTJocG95S2FHZUdkTHIwTE1nVVhmNFpyM3ExUTBBVXN2dEtDQkJIZUFWNktWRTlldVpyM3p2bGpSemUzSUJTM2ZLNm04a3hLeFRrSytMTEZhS1BtbjIiLCJtYWMiOiJkMzlhYmZlMTU0N2MzYWQwNDdmYzUxNmVlODI1NDRjZTY1YWFkYTA1OGY1NWNjNzRhYjE0ODQ3OThkNTliODZjIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:49 GMT\nlaravel_session=eyJpdiI6IjB2enQvOHpMck1yaGI1RGZkd1VLVXc9PSIsInZhbHVlIjoiM3l2NjJCNWc4aFlKRlFzQURzQjgzL0FkQVlSRytEY1phWEkzLy9SNWhoOWxRZDFDR0tSUnhMMXk1dEVWUXlVZXArME5UbVpraEpWcm5sb3pWMHpzQVpSQTA1bnErd1c3VjF6SFRUbXI5ZXZWT2pwTXhxaXJuaW1aQ0dGeDF4a3AiLCJtYWMiOiJhYTQ4OGUzM2JmZGEyZDY1NWI4YzQyMmNkMzM3NmE3ODZlNzRmODVkZTNiZWNjZjc1YzlkODA4OWIzZmRmZGRkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:49 GMT\r\ncf-ray: 984802f6fce40883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1366,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1366), with no line terminators","md5":"df483c782cda3bc7e929890ff46496f2","sha1":"8f45deac85643c44d697b0cc04c696b2e92b35e4","sha256":"1fa6effcb19ed7929447966a5f6e67a6db7a603ea5d137768331eaadb00d9090","sha512":"f2441b32ebd3836c081dc4445297a207eab54c4704482e94d083e0ae8046d28692eece895c1c095c81fe4358213befabf2acd1bafad5bbb8fa2a1341601b62d1","ssdeep":"","tlshash":"9821759695a1a7381b569de976f7f16c06244e30f340dcf1478d611505cf278c9ef4d0","first_seen":"2025-09-25T05:10:11.195046Z","last_seen":"2025-09-25T05:10:11.195046Z","times_seen":1,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":302,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/abxjleOOdrsDte4ef30","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /abxjleOOdrsDte4ef30 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: text/css;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"abxjleOOdrsDte4ef30\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JPB0NegyHJ7O1VA89SflEsqexp773Lg8qng6CfI6r%2F12I%2FnWBilc1M6t%2BxlWVW5ENi6hGp4UQEdyId8Su8YYua91o93dzfRBEio%3D\"}]}\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncf-ray: 984803094ea50883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35786,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"38501e3fbbbd89b56aa5ba35de1a32fe","sha1":"d9b31981b6f834e8480ba28fbc1cff1be772f589","sha256":"a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b","sha512":"1547937aa9b366e76de44933ef48ef60e3d043245e8e3e01c97dfc2981f6b1f61463d9d30992fbcf2ca25fc1b7b32ff808b9789cfb965d74455522fc58e0c08c","ssdeep":"192:hToogIexLQ5WKTCFBwCIZtJ8FtX2+UBRkf1WcrScuH9Ye3YdersR8Q5oqWjfuogF:h0DKAaZtJsOodwuhx5P6mqjDggJkLRn","tlshash":"07f2ac86255066385f3a277bf3ab00aceb6882b347961564b4bcb454cffc6e410d2d9f","first_seen":"2025-01-27T17:47:42.420764Z","last_seen":"2026-01-31T00:55:03.975062Z","times_seen":44016,"resource_available":false,"data":null}},"time_used":687,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":544,"receive":143,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/font/assets/proximanova-reg-webfont.51ac1a980f546ac17d67.woff","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:53.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /font/assets/proximanova-reg-webfont.51ac1a980f546ac17d67.woff HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/drXjbEVVLbAj1HnXmTFgtBQ26ZHPam28ibMkg4Nd6bJChexV6gE2rscA4ht7ULe4nDSypqNnpNYm9QssFdMJef720\r\nCookie: XSRF-TOKEN=eyJpdiI6InBROWtNTEVDbzg3c0ZYWmJKUWVCclE9PSIsInZhbHVlIjoiKzZkOVZVVlB1QjRwUGFsNTAwOHNLZkNZL05DSFRuOHgrNkd1ZjVlMjFaRHFsR0lMNFdxMXp4QzZEMVZWSmRXYitFUHUrYTUxNlkySTErNzUzQy9XeEZjb01kT2llWExsNHdnRGRTaXIwQ2puTXNYSm5CMEI3ODVNeDB6Y0I3ajIiLCJtYWMiOiJlYTA0MGRhY2RkYWVmN2JkMTExMzlhYWQyMjRmZTQzMDQ2MDAxMzcxYWMyODY0ZGE5NGI3ZGY3YTg3NjMxODgzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFQaTg0a2cwbENSdVRRaldaNWxSdVE9PSIsInZhbHVlIjoib3B1SFFHcDc2L0dBemJ3c3hEai9rM2U2dnhBaXJ3M1d3a0cray9xWWU3ZTVSWSszQzZnYnp6WlVNbDNwMzdrVmJzYnIvKy8zdy9oSDJRbDUvVUx2dkEzSE9XaU92d0FyZ3hxSmNUdkNnL3Y5RXRheldsa3B2RXJ0SGx4YXlzMm8iLCJtYWMiOiIyNjkyMzlmY2M1MTFiMzgyNmUzMTY2MGRiMDVhOWYwZTE5MTg2MjdlMjRiOTZmZjA1MGQ5MzFjNDMxYjQ4NTFlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:54 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QD%2FdnuhIXN6yCWfsPzC6IOO2G4tmC4TftIBWl1Tk5gjn4TO3p23eQBrFg1LzcDn82zCCo6kNk0riAN76WMLRb3iZxKfl9x5s\"}]}\r\ncf-cache-status: BYPASS\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjV4WklWUm1rYys5d29aanJqVU0zT1E9PSIsInZhbHVlIjoiL3FrVHpLVVp5cktEV1MxRFNTWi9FeXlldmRvYTQrV2VYaGIvU1AybC9GeDJGTHh3aFE0V0JQS21wajZMZFpKbUlKMG9RRyt1dWd1Z0RUUHl1cHFqc0VoVTVTMjFhS1ZMaHB6bjFwS0J2ZDZuTXZnVVhhbkNyM2VuK1g0RjZUWlAiLCJtYWMiOiIzZTI2NTJjMjc1ZTk5MjMxNjJhYTgyZDdjYWNmYzU0NTE0OWYwYzAyY2QwOTQ4NWY0M2FjNTgwYWU2YWM4MmUzIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:54 GMT\nlaravel_session=eyJpdiI6IkRKR2QvNjA0RWNrM0pramc1R0lZbGc9PSIsInZhbHVlIjoiZDkyb1J2bXEvbXJLcTNHQ2V2cVJYbU4xdmhnclE2U3Fnc2EvVHUxZG4rK2s4eTQvVDRuVXZydEdRTFBmWDNPQVZVeXlubTFoRUFhOUozQUYydTNYbkJiYXdSbEd2cE9Fc3pYdEk1bGVqVVJYSVdBVnBtNnFhS3BSUVExMFNXTTQiLCJtYWMiOiJiYzgyMDNmYmVkNzc1M2QwM2RjNGU5MTdjOTJlNTdmOWNjZGUzY2U2ZmI3Y2JlZTRhZmQzMjYwZmU5Yjk2NjA5IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:54 GMT\r\ncf-ray: 984803125fbe0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1366,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1366), with no line terminators","md5":"d8286976f4d263616ab7676de91fdd2a","sha1":"9959ae90d70b09ace1033b55ed8640868a18c6df","sha256":"f8cdcac022e663f378cdb616ca7b6f4bc06ee899d36c81e3a938782372cef6ef","sha512":"08561a801becbdda3d19491f94d1677d5cab151978e60d69d7f6c119e179a593a80438ac9bf7bd001c433718547ead7b40275dfa748594bf0e19afc25fe6aafe","ssdeep":"","tlshash":"28212053902a91390f83ddd663e3f6588a556e30f304dcc2458ea2580adf6b8c8af4d4","first_seen":"2025-09-25T05:10:11.197556Z","last_seen":"2025-09-25T05:10:11.197556Z","times_seen":1,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":721,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/font/assets/proximanova-reg-webfont.f9f2259180c0e36006aa.ttf","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:54.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /font/assets/proximanova-reg-webfont.f9f2259180c0e36006aa.ttf HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/drXjbEVVLbAj1HnXmTFgtBQ26ZHPam28ibMkg4Nd6bJChexV6gE2rscA4ht7ULe4nDSypqNnpNYm9QssFdMJef720\r\nCookie: XSRF-TOKEN=eyJpdiI6IjV4WklWUm1rYys5d29aanJqVU0zT1E9PSIsInZhbHVlIjoiL3FrVHpLVVp5cktEV1MxRFNTWi9FeXlldmRvYTQrV2VYaGIvU1AybC9GeDJGTHh3aFE0V0JQS21wajZMZFpKbUlKMG9RRyt1dWd1Z0RUUHl1cHFqc0VoVTVTMjFhS1ZMaHB6bjFwS0J2ZDZuTXZnVVhhbkNyM2VuK1g0RjZUWlAiLCJtYWMiOiIzZTI2NTJjMjc1ZTk5MjMxNjJhYTgyZDdjYWNmYzU0NTE0OWYwYzAyY2QwOTQ4NWY0M2FjNTgwYWU2YWM4MmUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRKR2QvNjA0RWNrM0pramc1R0lZbGc9PSIsInZhbHVlIjoiZDkyb1J2bXEvbXJLcTNHQ2V2cVJYbU4xdmhnclE2U3Fnc2EvVHUxZG4rK2s4eTQvVDRuVXZydEdRTFBmWDNPQVZVeXlubTFoRUFhOUozQUYydTNYbkJiYXdSbEd2cE9Fc3pYdEk1bGVqVVJYSVdBVnBtNnFhS3BSUVExMFNXTTQiLCJtYWMiOiJiYzgyMDNmYmVkNzc1M2QwM2RjNGU5MTdjOTJlNTdmOWNjZGUzY2U2ZmI3Y2JlZTRhZmQzMjYwZmU5Yjk2NjA5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:55 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U6FbRmbQIjK1iqJll70cqdHW0pS8O9pM7sxx61UXyaKkwsgEuaHA3GDFs2vyk8YcNWJ3WGhUXTugOt9nq1yzlyi10RHJ7RD68zQ%3D\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjRnNXZ1VCtPUE1GRmsrZHdlOXhSR2c9PSIsInZhbHVlIjoieEFlUVlVWlZOanBFUjR3ankxMlN1K1YwRG1jTTh4RURQUVRCdm5Pcll5T3pLRUgzZFNMejNiNUlUeVl6S1ZJYkdDK1o3bEwwVVpLdHJTZGdMWUhmeENUTElaOVJYSUR0RGFIbHNuQkt5eXBHUWd2aksxcjk3Vm9qNEZNZ1g4WWoiLCJtYWMiOiJjYzBjNGM5Yzk4MTk5OTQxYjAzZDQ3N2IzMGIxZjE3N2ZmY2YyNjM0YzkxZDI5N2ZiMjM2ZDI1MDk0MzQ3NmFhIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:54 GMT\nlaravel_session=eyJpdiI6IkdJMnRqQzQwQnhDNm80U3lHa1BwN2c9PSIsInZhbHVlIjoiL0hVTjdEeldlU0RIWHRmalJRTFFLRVc5YU1ZZnVoRnlvTkhscnNoT3JvZFV3RGpsY0F1MVkzcXV6K2IxcTJuOW1CSnJGRmJmSUdtbm54MUpWMzBNTE8rTXVEbzZhUVVZUnJkZURpUTN6OWFMTVlkS1c1aWhqRXE3QTdqUVhkMEIiLCJtYWMiOiI3MTBhY2E0MjZiZjBhZWE1OTE2MWQ0MzM4MDBkMTMyNjFmZWM0ZDUyN2YyMTU0MTdhY2MzN2UyYmQ2YTVlZmRlIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:54 GMT\r\ncf-ray: 98480316e8590883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1366,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1366), with no line terminators","md5":"cfa2d9f24cf58b2b3fdceff9b0352f0e","sha1":"a345a572f67eebaec5b32e8282783d6f13fb014c","sha256":"bc6b786cde2bd5d7b8fa8919454375780d4f0656fb23dd5692da9e6fdc63242e","sha512":"82ea3ff4c375888bfd3e663f174308819e8bb22a475393e61a9f907f54200cbf198de8ad959928c90fe51fdcd1f59c47a290965ccd6d5dafb62db712d76df57e","ssdeep":"","tlshash":"55214556a126553c0742adc6bad3f1ac077da918f300ecd1464d640505cf6b8c9ef5f4","first_seen":"2025-09-25T05:10:11.201806Z","last_seen":"2025-09-25T05:10:11.201806Z","times_seen":1,"resource_available":false,"data":null}},"time_used":691,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":691,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/favicon.ico","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","date":"2025-09-25T05:09:47.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nCookie: XSRF-TOKEN=eyJpdiI6IjY1QVlzOU8wMGRkR2I0VHFCQURXNGc9PSIsInZhbHVlIjoiNXRDWVR0WG5zZGdXdmN3WWg5bnI1dGpUM0tqNE51QmxFSnd2VHkwZmcyQzcrTWNEaFpkb1oyS0xSZ0tYMkFOS3p2dWZIRlpxbnMvZlhkNUxPaGtwbDZOeUNhY21iRVRvYzNFOXg2VkRlU0p4Y3FaWnhrT1lveGx6WHdjejJ0cjYiLCJtYWMiOiJhMWE4ZWVmNTE1MGE1ZWVlZDBlNGI4MmI1MzgyZGU4OTIzZjZjMjA3ZjE2YTNhMGQ1ZWNjYjA0ZjA3MjQwMTkwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkpwMG9DUFFJZjlkeThRbTUwa3RhQXc9PSIsInZhbHVlIjoiMFUwMU1wME5SVFJVZ2VQYU5acm9IQWVMdGxUR2Q5NGJYTTF1dk1Ed2ZlR1VvSlJBSWhScXY1MFhBcXh2OERwb2VjczNldXZOWDc1OExOOXFydjA5ZHc5aE4rWHMzZGk5bWllc0dZVjR4ZnhhMUFaYWxpWHZnL1Z1SlI1RzhjZWkiLCJtYWMiOiJhZTA3MWJkZWI0YzU5MjcwYTU0OThmYjE4NDczOGJmNTJjNTg0OTQ4YTU3NzA3NGExYTZjM2FjN2I5YTJiOGMzIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:48 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iVtHGJx3pdNWsRcujzO11seEeQ3pidRVryKsc3%2BILCpvrE7SgRUvQNEoNWaxyKoWIyCzhb4IhVvOrcFhY8UikjfkCrJmhQu4\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IllBWXU2dldkV1JNUDRNRzltN0dtSnc9PSIsInZhbHVlIjoicG0yc05Ta21BdldKNG5EU2ZRWXlwV1YxVVVLWExNaVY2dkp4WDg5N1duUkl4cXFSOXFtMVRUd1JuWW5ramY2T3pKaWdLWGJMSnZVdTBST3kxUG5QMXJBTlAvQk41dGk0N3diQTdBQmJGaVpjaTRlMlZnTmJPeGtNUEw3eHlHcWQiLCJtYWMiOiIxMTRkYTVhZTY1MTI2NTQyNjY4ZWE2YmY5NzFiZGQwYzU0ZDcwYzFhZjg3ZDY2NDRiMjdkNThlOTZmMTFkMzkzIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:48 GMT\nlaravel_session=eyJpdiI6IlF0NTFXQVoxNUZWYTUvVWd4cFFKcnc9PSIsInZhbHVlIjoiRm4xUUdtc3NBZkdJODB0MExOY0szNXF6T09KZ2Y1YzQ0TzhCL2JJdTVNb0hqSVB4NVFETGljVENxMkdpcTIvN0xlK3I1T2tsMFAwK1hkbEppMDJ6NW52NUpOM0dNOWRCek84ZmxseDA4Z0ZIRzB3dlpmYU96MGVrZHgyVlJ3WnUiLCJtYWMiOiIzZTllZWNiMTBmZGZlZGJhM2MwMTE5MTFlNjkzY2VlM2UwODdmM2M0MTA1ZjQzMGVlNDQ2MTMxOGU2NmZiOWU4IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:48 GMT\r\ncf-ray: 984802ee2c070883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11269,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"5a248e8726e359d3ba0abc92cba8a2f9","sha1":"b5d9c808ed9e4230b33676925b260081aafee682","sha256":"99c3583be17f5677f27b750932672e4b9deaf7302c6bf78203d3c4abc4c67c12","sha512":"fcc89c6c575f8c3bf77350cec45a4e15143f5571e33aa2de7e36c6a8a8f61b033decde101d8defb576c0719d7e13433e39987124418fc07645f75f60b14eaaed","ssdeep":"192:vhBYnJjn6vNIwUQJKsY6+4OWZZE5H5M05RmLEk:vkn6vNIwUQJKq9ZExl/mLEk","tlshash":"1332623931f2167f21c381a2b261bb6eaeb8c617c50b565cf1bc8199afc7c11c54b269","first_seen":"2025-09-22T00:05:54.170403Z","last_seen":"2025-10-14T15:39:53.309084Z","times_seen":971,"resource_available":false,"data":null}},"time_used":494,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":493,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-25T05:09:50.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/ HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nCookie: XSRF-TOKEN=eyJpdiI6ImZ6NUswY3drZkoxMld3ZnFaZEhXQWc9PSIsInZhbHVlIjoiNldHVDB5UUVIczQzOVQvWkRKeGIyb3FnTGhYTnJLK0ppSmxVR2IwSlBOR3JiV3ZXaisvRzJtekRxWEQ2NHBLUE9YYXhxeDQ4c1M0MFVYYzl5Wm5UYzFpblZmeENob2s1N09LK3BpWFdUaUdPL0lOVTFKU2U4ODhBZktqNVp4UXgiLCJtYWMiOiJkZDVjODU5NWRjNDFiNmEyMmQ2NWUzMmU4MDFlNmFjZWNmYjU0NWYzYzRhZTJiYjhkYzM0NjE3OTNiMzNhMTBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkFvOGxPV2J3MWk3MHhXd1JwT0lqR3c9PSIsInZhbHVlIjoiMktXSkpqZGZXUGNDbXhVdE9NMjM5NER6N0JZdkVPQVQwYmhEZHN1ZnlaaWRaK2tLQ3hzb3VUUWpyODBMYkNJQVF3R004dVhoS0Vzd0QrcldaOG1hRUd0UTh5aTZtUUlINEZ5NUJLWlFOdWVxSVJ5R1NnZ2g1RFZmNk5sR1kxdDkiLCJtYWMiOiI4OTk0YmNmN2I0Njk3NGJhMDUxNThkZWE1MjllZGVjZmQ2ZmIyY2RiOTMyZjhiY2M4OGY1N2IxYWNjYjU3MWNkIiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:50 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wBhVtEM95JY7dnIMtBxtGZUSRwdgbInD1viqRr4bKx0Bx9olmdGWBx9aJu6iGIO9emmmKcC9gytSZGqIhXhtQEuGBanoAd3d\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ik5EUklzTC9xM0JuUDBITWhSSm9paFE9PSIsInZhbHVlIjoiOWZQQWNRL2RTaXBpS1N2OUczUk9GY0RyT3ZpTk1RTTJrQkRlOFA0b2tkbDFJbjhOWnBXOVNueUpjSWhBUjNRcVI4b1dnSEpUTFdGSTZuZENxTjNIOTMyQUZqUTY2TEd3NVloaXJwSGtackJXaklWOGxHcFhIbW1tSHpVRVVLdkEiLCJtYWMiOiI1NDZmMjM5M2E0NGNjZDQ2OWQ3N2JiYjA2NmUwNjQwNGQ4ZTM3NjFjYjVjMjEwZGE5Zjk3MmRiYzJkMTc3OTQxIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:50 GMT\nlaravel_session=eyJpdiI6Ik02Mkdwby9Wa1ZCRWV2RkFmVWorM1E9PSIsInZhbHVlIjoiRDNIZTNiVHdsSHp4WnJEZzdZeE1mQnZWY0NQaDVIV3JWZk9QeitOK1hLMVBTVnVJbkxIUE5uUG1QYSsvVEdjb1hDUExEUUhjYWFkZ256a2RQT2JKS3dTdWFnOEM5SFU3QlBkNWJsa21nblllV2xFNUpVOVU5QkNwWG0vNzhPbHQiLCJtYWMiOiJhMDc1NzYwZmFhMDZlMGVkMWMxZTM4ZGZlOWZlNzI4MjQ1YTlkY2E0MzdiNzhlMTFhNjlmYWZmMTRlN2U2MzVjIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:50 GMT\r\ncf-ray: 984802ff6d710883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1366,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1366), with no line terminators","md5":"4ecdd6158b1a90877b93d1108ad86b89","sha1":"4008e47b2d17836a843f19b227d32f0c413a42e4","sha256":"01023df2be45be1142f25b2ca654cfbe60f10ef70a817f8069cb12d3a11497a4","sha512":"f16c2f1729acee807d4dda822bb412cdf2a4bc8d451bf3f503fccb79fce1a6db7a2e45d8aee32eb5d19e69f639995342fbd563c2da210029506122ce0c03e2e6","ssdeep":"","tlshash":"e7212356b025aa380b93edd172e3f25d02752920f304ecc2198ea40916dfa78caaf4d4","first_seen":"2025-09-25T05:10:11.204637Z","last_seen":"2025-09-25T05:10:11.204637Z","times_seen":1,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/340bawlC2mRh86A2cFnwN5gbij6y8Wr1wA4avLL689747","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /340bawlC2mRh86A2cFnwN5gbij6y8Wr1wA4avLL689747 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"340bawlC2mRh86A2cFnwN5gbij6y8Wr1wA4avLL689747\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nYDEVlfQNUCRxvFwxrFfUuojUMEblKEPOFVtj46abn42OrLd2zDoWpNXFDGKkirFBKq%2BkFgOIgWzl9adH6cnANJr4oq3iLc2\"}]}\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncf-ray: 984803094ea30883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10245,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10017)","md5":"6c20a2be8ba900bc0a7118893a2b1072","sha1":"ff7766fde1f33882c6e1c481ceed6f6588ea764c","sha256":"b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500","sha512":"8f80ad8adc44845d24e13d56738a2ca2a73ee6fcdc187542ba4aaebbf8817935d053a2acfb0d425b9cc0c582b5091e1c9fe16b90b3aa682187645067c267fc41","ssdeep":"192:LRSvXVHfVj+WdqfkkoKhUBhMAcT6iuvBiFj0gba6qiG2pPj:LQvXVHXiNkMAcT6i+4mgPj","tlshash":"ce22a58932933026af5391b440bf140af2f69589d45cade8ab29d1e27d7290d46f7f38","first_seen":"2024-05-30T22:56:13Z","last_seen":"2026-06-26T05:09:40.534567Z","times_seen":52655,"resource_available":true,"data":null}},"time_used":487,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":487,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js","fqdn":"ajax.aspnetcdn.com","domain":"aspnetcdn.com","tld":"com"},"ip":{"addr":"23.36.76.194","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","date":"2025-09-25T05:09:50.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ajax.microsoft.com","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft Azure ECC TLS Issuing CA 04","organization":"Microsoft Corporation"},"validity":{"start":"Wed, 15 Jan 2025 17:50:49 GMT","end":"Sat, 10 Jan 2026 17:50:49 GMT"},"fingerprint":{"sha1":"67:7D:DB:2D:BB:27:07:2D:C9:20:48:81:00:BE:4D:DC:81:08:A9:2D","sha256":"59:BC:DE:80:EE:F9:3D:BA:D9:06:0B:44:03:DF:2E:89:FC:64:EF:D9:5B:25:01:51:86:C6:B1:37:63:A1:7D:30"}}},"request":{"raw":"GET /ajax/jQuery/jquery-3.6.0.min.js HTTP/1.1\r\nHost: ajax.aspnetcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 30982\r\ncontent-type: application/javascript\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\netag: \"803056b57d10d71:0\"\r\nlast-modified: Wed, 03 Mar 2021 22:36:53 GMT\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=31496501\r\ndate: Thu, 25 Sep 2025 05:09:50 GMT\r\nvary: Accept-Encoding\r\nakamai-grn: 0.9c4c2417.1758776990.612ad906\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-26T19:32:57.905391Z","times_seen":484681,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":39,"dns":5,"connect":1,"send":0,"wait":5,"receive":1,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/GDSherpa-bold.woff","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.218Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /GDSherpa-bold.woff HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff\r\ncontent-length: 35970\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-bold.woff\"\r\ncf-cache-status: MISS\r\nlast-modified: Thu, 25 Sep 2025 05:09:52 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rmlfla%2B6O25XVpCTiYgAPOcjLbFZX%2FU9CehVpvF0nGE1YPILzLM%2BH9B4M2nNn0aK%2B2Kf6MkYeQdgThmIJIEaGWP1v%2BZZK4PaJyU%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-ray: 984803094ea80883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35970,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 35970, version 1.0","md5":"496b7bbde91c7dc7cf9bbabbb3921da8","sha1":"2bd3c406a715ab52dad84c803c55bf4a6e66a924","sha256":"ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798","sha512":"e02b40fea8f77292b379d7d792d9142b32dfcb887655a2d1781441227dd968589bfc5c00691b92e824f7edb47d11eba325ade67ad08a4af31a3b0ddf4bb8b967","ssdeep":"768:GJiLCleIZlcBvahjeheOQKskmCp9sE9gBkGgvU+7aAXDqWOtU:GJo9IgMKsQzJ9gBkZbuAXDqWV","tlshash":"a4f2d09831594c2aacbd58232b71d9df21e38f61ba42029ba193e4cd9c4714dbb1e47f","first_seen":"2023-05-09T17:48:02Z","last_seen":"2026-05-28T17:38:34.583252Z","times_seen":90507,"resource_available":false,"data":null}},"time_used":870,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":662,"receive":208,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/drXjbEVVLbAj1HnXmTFgtBQ26ZHPam28ibMkg4Nd6bJChexV6gE2rscA4ht7ULe4nDSypqNnpNYm9QssFdMJef720\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:53 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FSo7Wb1%2BbLShBI4AzO1fjGfs0gq04PmVWlXbQDahs1CkuI464u%2BW9CVyQQkkOmaT0SmJAqShKsSd9Zb%2Bw%2BhRGt8r%2Fsmt%2BlD5SVk%3D\"}]}\r\ncf-cache-status: BYPASS\r\nset-cookie: XSRF-TOKEN=eyJpdiI6InBROWtNTEVDbzg3c0ZYWmJKUWVCclE9PSIsInZhbHVlIjoiKzZkOVZVVlB1QjRwUGFsNTAwOHNLZkNZL05DSFRuOHgrNkd1ZjVlMjFaRHFsR0lMNFdxMXp4QzZEMVZWSmRXYitFUHUrYTUxNlkySTErNzUzQy9XeEZjb01kT2llWExsNHdnRGRTaXIwQ2puTXNYSm5CMEI3ODVNeDB6Y0I3ajIiLCJtYWMiOiJlYTA0MGRhY2RkYWVmN2JkMTExMzlhYWQyMjRmZTQzMDQ2MDAxMzcxYWMyODY0ZGE5NGI3ZGY3YTg3NjMxODgzIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:53 GMT\nlaravel_session=eyJpdiI6IlFQaTg0a2cwbENSdVRRaldaNWxSdVE9PSIsInZhbHVlIjoib3B1SFFHcDc2L0dBemJ3c3hEai9rM2U2dnhBaXJ3M1d3a0cray9xWWU3ZTVSWSszQzZnYnp6WlVNbDNwMzdrVmJzYnIvKy8zdy9oSDJRbDUvVUx2dkEzSE9XaU92d0FyZ3hxSmNUdkNnL3Y5RXRheldsa3B2RXJ0SGx4YXlzMm8iLCJtYWMiOiIyNjkyMzlmY2M1MTFiMzgyNmUzMTY2MGRiMDVhOWYwZTE5MTg2MjdlMjRiOTZmZjA1MGQ5MzFjNDMxYjQ4NTFlIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:53 GMT\r\ncf-ray: 9848030d7f4d0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1366,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1366), with no line terminators","md5":"9aca0b46bf65e56fedee47e92efdb165","sha1":"d81e77aa2ad1e0fce5da954e8c318af86ab5aade","sha256":"5fc0ada88bb0c417e2d8a8fe6d0b04127b3cde599f5ad8bdddf75ea95707a5da","sha512":"57a3aaed7c4cbbed029f4caaca432ec4e53748a6cb66fcf0c2d5b5ec68df4423c976290dc8d7f50d786de2354d6e599414a132b84a40811c198cff71e2c1f336","ssdeep":"","tlshash":"332120969165a4bc0a439dd5b6f3f62d86785a24f305dcd000cfa4144acfab4c4bf4e4","first_seen":"2025-09-25T05:10:11.210278Z","last_seen":"2025-09-25T05:10:11.210278Z","times_seen":1,"resource_available":false,"data":null}},"time_used":725,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":725,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/favicon.ico","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","date":"2025-09-25T05:09:49.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nCookie: XSRF-TOKEN=eyJpdiI6Im10cXJmeTFla2VVV0Uwc3JNbEpiNmc9PSIsInZhbHVlIjoiaHJXTDFDQjZHZFlhTE5QeHNwY2RyczRVM0FpNkpKc0JGSXFqSTRZM2QvTTJocG95S2FHZUdkTHIwTE1nVVhmNFpyM3ExUTBBVXN2dEtDQkJIZUFWNktWRTlldVpyM3p2bGpSemUzSUJTM2ZLNm04a3hLeFRrSytMTEZhS1BtbjIiLCJtYWMiOiJkMzlhYmZlMTU0N2MzYWQwNDdmYzUxNmVlODI1NDRjZTY1YWFkYTA1OGY1NWNjNzRhYjE0ODQ3OThkNTliODZjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjB2enQvOHpMck1yaGI1RGZkd1VLVXc9PSIsInZhbHVlIjoiM3l2NjJCNWc4aFlKRlFzQURzQjgzL0FkQVlSRytEY1phWEkzLy9SNWhoOWxRZDFDR0tSUnhMMXk1dEVWUXlVZXArME5UbVpraEpWcm5sb3pWMHpzQVpSQTA1bnErd1c3VjF6SFRUbXI5ZXZWT2pwTXhxaXJuaW1aQ0dGeDF4a3AiLCJtYWMiOiJhYTQ4OGUzM2JmZGEyZDY1NWI4YzQyMmNkMzM3NmE3ODZlNzRmODVkZTNiZWNjZjc1YzlkODA4OWIzZmRmZGRkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:49 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aVzpuHGxJNsGkJ%2FcGmCHLW7APvj4Vq0yiUq97CXM04j2NmxNLyu1xM7jd4UyyhbRdJe8xjvWof6SzHLAQoX%2B2C43dhB6EUEA\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjQ4TWxBM2FuOVZVdVRCOFpsdG5QTkE9PSIsInZhbHVlIjoiYVlNeEs0QlE4ZGxNQmovUnlWVkdtMkpDQXZsK0k3UWdiN1QrVGwrQnJWRVZlaXVmS3pRYWdiL3lGc2VseVN0b2NJSXdCNTd6RnVRaGx5N1cyaXdiWkZQZGwxNkNKQkdOeWFDZWNNeStJYjFKTDB3MlYxSFRNa3NkTWdNb0dieUYiLCJtYWMiOiI3MzEwZmVmNzQ3MGUxMjMxMjIyNWE3YjEyODFmNTUxYjc0OTE4NzM0OTliMWQ1ZmY4NThjNGM4MWIzYjRkYjhlIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:49 GMT\nlaravel_session=eyJpdiI6IlF2WElNRFdsMVdNS29OTnk0cHdyVnc9PSIsInZhbHVlIjoidThGYUI5UUtsVzZ2TkswL1I3MjZxVHZLT25oeGdCeld1TDA1VUx1R09HQzJhS25JQVJWVmVxNXJhL2JqYysraEpLTTF4RnJMNmdnbGVzWHd0QUQvOWk4Q0hiRWlMSUZ0Vmpvd09Ya1dRTFBjTVA5ekFDTkZMbUhVUk1Fc1NLcmsiLCJtYWMiOiI0OTlmMjI2NDE3YzY1YWU2OGVkYTU2NTMyOTVmYjk0YTQ0OWYxNmZjOTM4NTVkYzY0YzNlMGZkZmExODgzY2JkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:49 GMT\r\ncf-ray: 984802f9ad150883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20095,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"ce0e74469cdc286745dc58a7885f51d5","sha1":"0094e7c86045bd12d113314a9cf65e828fd5e4f7","sha256":"b236fdb1f851f1f249202018aaa76ed7591fa4f9c23975b3e5fbf745d0816029","sha512":"1e60c79d97e7e4bea38a01d77d9c9c95737142cea1cc07a9d22d226bc9530664aac4777393062b1592e53ed30086c0d8cc856313950175968c3b5ec3a60539ac","ssdeep":"384:3PlIwYcd0N+mwhLnDq4KgMOLhCuJCurH5Q:/lIwYcd0N+phLn+4KgMO7K","tlshash":"8a92a66b51e22436e06ac262bee29b0b7671c347cb0d01547dac0a94cfcded6dc971ad","first_seen":"2025-09-22T00:50:52.260894Z","last_seen":"2025-10-14T15:39:53.249719Z","times_seen":969,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":283,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/lmN9JYmSU7mEKVuescDul7fk9OADzzNMefj8SQfw","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","date":"2025-09-25T05:09:50.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"POST /lmN9JYmSU7mEKVuescDul7fk9OADzzNMefj8SQfw HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 19\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nCookie: XSRF-TOKEN=eyJpdiI6IjQ4TWxBM2FuOVZVdVRCOFpsdG5QTkE9PSIsInZhbHVlIjoiYVlNeEs0QlE4ZGxNQmovUnlWVkdtMkpDQXZsK0k3UWdiN1QrVGwrQnJWRVZlaXVmS3pRYWdiL3lGc2VseVN0b2NJSXdCNTd6RnVRaGx5N1cyaXdiWkZQZGwxNkNKQkdOeWFDZWNNeStJYjFKTDB3MlYxSFRNa3NkTWdNb0dieUYiLCJtYWMiOiI3MzEwZmVmNzQ3MGUxMjMxMjIyNWE3YjEyODFmNTUxYjc0OTE4NzM0OTliMWQ1ZmY4NThjNGM4MWIzYjRkYjhlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlF2WElNRFdsMVdNS29OTnk0cHdyVnc9PSIsInZhbHVlIjoidThGYUI5UUtsVzZ2TkswL1I3MjZxVHZLT25oeGdCeld1TDA1VUx1R09HQzJhS25JQVJWVmVxNXJhL2JqYysraEpLTTF4RnJMNmdnbGVzWHd0QUQvOWk4Q0hiRWlMSUZ0Vmpvd09Ya1dRTFBjTVA5ekFDTkZMbUhVUk1Fc1NLcmsiLCJtYWMiOiI0OTlmMjI2NDE3YzY1YWU2OGVkYTU2NTMyOTVmYjk0YTQ0OWYxNmZjOTM4NTVkYzY0YzNlMGZkZmExODgzY2JkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:50 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=coSmwYPrEsErnmb7Qnzi%2FqB4AiupJwfwtRgP6mjsVsIShHyBms9b0XecAveEpIXWALIIOHwVwIA7gwmfCcJoGOLsQjyf3bB6Q4c%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6ImZ6NUswY3drZkoxMld3ZnFaZEhXQWc9PSIsInZhbHVlIjoiNldHVDB5UUVIczQzOVQvWkRKeGIyb3FnTGhYTnJLK0ppSmxVR2IwSlBOR3JiV3ZXaisvRzJtekRxWEQ2NHBLUE9YYXhxeDQ4c1M0MFVYYzl5Wm5UYzFpblZmeENob2s1N09LK3BpWFdUaUdPL0lOVTFKU2U4ODhBZktqNVp4UXgiLCJtYWMiOiJkZDVjODU5NWRjNDFiNmEyMmQ2NWUzMmU4MDFlNmFjZWNmYjU0NWYzYzRhZTJiYjhkYzM0NjE3OTNiMzNhMTBmIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:50 GMT\nlaravel_session=eyJpdiI6IkFvOGxPV2J3MWk3MHhXd1JwT0lqR3c9PSIsInZhbHVlIjoiMktXSkpqZGZXUGNDbXhVdE9NMjM5NER6N0JZdkVPQVQwYmhEZHN1ZnlaaWRaK2tLQ3hzb3VUUWpyODBMYkNJQVF3R004dVhoS0Vzd0QrcldaOG1hRUd0UTh5aTZtUUlINEZ5NUJLWlFOdWVxSVJ5R1NnZ2g1RFZmNk5sR1kxdDkiLCJtYWMiOiI4OTk0YmNmN2I0Njk3NGJhMDUxNThkZWE1MjllZGVjZmQ2ZmIyY2RiOTMyZjhiY2M4OGY1N2IxYWNjYjU3MWNkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:50 GMT\r\ncf-ray: 984802fd2d400883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":284,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"39c2c83a9f50f8356aafaa54f6e7d8cb","sha1":"8efddd073256246f0f44a56217cf7986090d8ce3","sha256":"fbc417b2755a67a83cd5d76a6a5b074636b71df687a8ca5b7ce7c5bca3f8a938","sha512":"09798f88c8635d5837f5b4218f86bf777e8f1253bbd503f675b5d1b609abb46bcbf2388ce8e791f555368fb0b7b64229ff42ed6e95ff8b1e96df1df455875fa8","ssdeep":"","tlshash":"d6d0e7703f4b390548cf0c02f44947638205175d035d42545cc642a62044f6cfe61d3f","first_seen":"2025-09-25T05:10:11.212183Z","last_seen":"2025-09-25T05:10:11.212183Z","times_seen":1,"resource_available":false,"data":null}},"time_used":342,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":342,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:50.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"POST /exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/ HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nContent-Type: multipart/form-data; boundary=---------------------------312952263535502795821916591737\r\nContent-Length: 63\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Ik5EUklzTC9xM0JuUDBITWhSSm9paFE9PSIsInZhbHVlIjoiOWZQQWNRL2RTaXBpS1N2OUczUk9GY0RyT3ZpTk1RTTJrQkRlOFA0b2tkbDFJbjhOWnBXOVNueUpjSWhBUjNRcVI4b1dnSEpUTFdGSTZuZENxTjNIOTMyQUZqUTY2TEd3NVloaXJwSGtackJXaklWOGxHcFhIbW1tSHpVRVVLdkEiLCJtYWMiOiI1NDZmMjM5M2E0NGNjZDQ2OWQ3N2JiYjA2NmUwNjQwNGQ4ZTM3NjFjYjVjMjEwZGE5Zjk3MmRiYzJkMTc3OTQxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik02Mkdwby9Wa1ZCRWV2RkFmVWorM1E9PSIsInZhbHVlIjoiRDNIZTNiVHdsSHp4WnJEZzdZeE1mQnZWY0NQaDVIV3JWZk9QeitOK1hLMVBTVnVJbkxIUE5uUG1QYSsvVEdjb1hDUExEUUhjYWFkZ256a2RQT2JKS3dTdWFnOEM5SFU3QlBkNWJsa21nblllV2xFNUpVOVU5QkNwWG0vNzhPbHQiLCJtYWMiOiJhMDc1NzYwZmFhMDZlMGVkMWMxZTM4ZGZlOWZlNzI4MjQ1YTlkY2E0MzdiNzhlMTFhNjlmYWZmMTRlN2U2MzVjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:51 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bka6fJCymZh5va8jrKboM7NyAUVW1kCsinn%2FTITaPA%2BJI6cwWqDm%2FKIAHugoofzSKHEL43ns0Hb6iw4CxjmAWuN56Bn2TZl5\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IkZUL2NzMmFIZ1dXZmlJUHFXRXJvcFE9PSIsInZhbHVlIjoicWx4c3N5aG11SCtzNzViZGFNUGVqUVcyeHNxNmErN2N5UHM5Vk4yR2xRZE5weTZhQkxqZ2JISG9teTZBYWdac2RJY29vdG8vRmNQdDRuSkJTTHJYTXBIOHQ1R3RwZ3F5c2dYeFJvT1hLdHRlWHJLcVg0RkhQeHprRDNtT2dLMFoiLCJtYWMiOiI1Y2RiN2NmYzIxMTBiMjIyMDkyYzEzYWU1ZjQxZjlmNGUwNDUyYjg2OWY1MWViYTdkODMwM2UxOTUyOTdjNzVjIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:51 GMT\nlaravel_session=eyJpdiI6IjNPblh0M3lSeU1Bd3FKQnFoUVdNeWc9PSIsInZhbHVlIjoiUktGL0VzUjhQL1NkV3NRWGdpTjFiY21Zc3RiSG4vTytuaGY1T0p2SFdJMmVjQWpVdHNBSWN0akliWnJDcWZNN2xydTJ1MHl2bkhraEFRRlFnUCtwaEw3RGg5WlN4bVJaOUV5V2Z5ZVR2RkpXaTdpY0RVdlZWbWpodzhyT0ZDV0UiLCJtYWMiOiJlMDUyMWNmOWZjMzFiNWZhZDdkYzFhYjhiY2RjMzhiMDhlM2IxY2QzMjFiOWM1M2U0ZGFiNDBiYTg3NzQyZDcyIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:51 GMT\r\ncf-ray: 984803019dac0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":353820,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"a3207fc7ea31f8a4f4b3073dd62174bb","sha1":"bd6c6449431f362ef6125c909a35a4f03cc24506","sha256":"5ed86749e1e8b781ae07e14c68a48ccfd055ef3e83262ae2e0c8563777b93f61","sha512":"887fd151ebb0a6bf562350d4119bd26a004226d791de3cac57f3d9d876602c8fd2719fa2a276baf63e1b543de5760b3a7ef69d7044085e50c163fa449d1a6999","ssdeep":"6144:I5x7qkrX3qbmg+JuhrPGOOu79MF5htBRWMgmdh3A/UTbn+bkx3k3k7FxD1HwsS0p:q7Tmbmg+JeGnEMF5cm7A8TYkx+YR1zSy","tlshash":"e57423b4dac55dd340d40ac7e1fb0b7717d952d3dc18166dafa01842a02ceb28faa7da","first_seen":"2025-09-25T05:10:11.21346Z","last_seen":"2025-09-25T05:10:11.21346Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1048,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":545,"receive":503,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","date":"2025-09-25T05:09:49.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"POST /Y3Jle7cp5@zKAM/$abc@rd.com HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nContent-Type: multipart/form-data; boundary=---------------------------14545676547279974113746153834\r\nContent-Length: 62\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Im10cXJmeTFla2VVV0Uwc3JNbEpiNmc9PSIsInZhbHVlIjoiaHJXTDFDQjZHZFlhTE5QeHNwY2RyczRVM0FpNkpKc0JGSXFqSTRZM2QvTTJocG95S2FHZUdkTHIwTE1nVVhmNFpyM3ExUTBBVXN2dEtDQkJIZUFWNktWRTlldVpyM3p2bGpSemUzSUJTM2ZLNm04a3hLeFRrSytMTEZhS1BtbjIiLCJtYWMiOiJkMzlhYmZlMTU0N2MzYWQwNDdmYzUxNmVlODI1NDRjZTY1YWFkYTA1OGY1NWNjNzRhYjE0ODQ3OThkNTliODZjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjB2enQvOHpMck1yaGI1RGZkd1VLVXc9PSIsInZhbHVlIjoiM3l2NjJCNWc4aFlKRlFzQURzQjgzL0FkQVlSRytEY1phWEkzLy9SNWhoOWxRZDFDR0tSUnhMMXk1dEVWUXlVZXArME5UbVpraEpWcm5sb3pWMHpzQVpSQTA1bnErd1c3VjF6SFRUbXI5ZXZWT2pwTXhxaXJuaW1aQ0dGeDF4a3AiLCJtYWMiOiJhYTQ4OGUzM2JmZGEyZDY1NWI4YzQyMmNkMzM3NmE3ODZlNzRmODVkZTNiZWNjZjc1YzlkODA4OWIzZmRmZGRkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:49 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kSt19gtYk6dJV4EXxC5jfGlqJQCZyKvUnqdH6n6lPIEIupm5QNSOmmYCNgMar3brqlFsZDa1KDM7gFxdfH1wN%2Fgbj%2FvXOTvM\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6ImhoNDNJN1JpQkJMRFEzZzMwekVPWnc9PSIsInZhbHVlIjoiNGM1Y29JWFJwbzNQRnByN3FIQk5WQjlMQnVqZ3dSS21XODhjU044TnZlbWYxT0xxeitQVVNXamdseW5FMVpSQWZCbkpXTFJidXFncVRMUHAzOVhpazZKS2VVWmI3RzJ3RWVUMmR5ZlROamNiM2RXRG5ybGNTQXFSSldabDJ2MlUiLCJtYWMiOiI2ZjMzZDI5NmQ0MTA3NmUzNDRkYTBjYTZlYjliNzlhMWU3ZTA0ZGM2MTY0ZmMxMDM0NTMyNGVhMzFhZGVhMTFhIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:49 GMT\nlaravel_session=eyJpdiI6IjhuMkpxbldGdUVYcFNJbUhGZmRjTUE9PSIsInZhbHVlIjoiRzZ2REtOR3NzNy9oWVd1N0lHSkNDYXNBb0JsTzRDZ2NNWVNxZmY5MEJ4aDY1Njh5MGgxSUpNemVndlBJTWhwVFdMLzl2NFNzOEZjSldGa0VHNjRkQXJmSTc3K2ZiaTBndk9rOW44dmx5NEkvYlFtNXRoK3l5VDZuL3d3K3FKVzYiLCJtYWMiOiIyMmIzNjY4NmMyZmY0NTQ4OTExMDc3YWFhMDkyNTk1NDE2MDc3ZTllNzQyMmJkNzkxMGE2Y2VkYWM3MGI1YWZhIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:49 GMT\r\ncf-ray: 984802f90d070883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41977,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (41977), with no line terminators","md5":"9dbcb4dbf028b109bb5b06639bb1c30a","sha1":"4bc1e33fd5b71833067e890244d30adee2aadb7b","sha256":"e3f9c518f5f9c7822a87fb1b29ebb0842e48de92520bc4de33d8269f0441a059","sha512":"41092ae1233a2e5fddf5e140bec102ccf37f02ac6d314e291ba713b01cbd9e4cd2b690db191f132aa0e0fd0568694e2208215a8d33f7c8fa94facabde09cb513","ssdeep":"768:bzByRIBiElI2NjGrEnp/rbfbfD24G9PdJ+1daq2KEjim:HByIiElBlGMpHf24IH+1d7xfm","tlshash":"f313f1744471ce04e3f9767db48fbc697c18ef62ba25dcec4725e681ad067012838b9a","first_seen":"2025-09-25T05:10:11.21516Z","last_seen":"2025-09-25T05:10:11.21516Z","times_seen":1,"resource_available":true,"data":null}},"time_used":496,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":143,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/34NH7cVea3uscdkRbd6718","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /34NH7cVea3uscdkRbd6718 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: text/css;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"34NH7cVea3uscdkRbd6718\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qVHzN%2FTv2vIKZ%2BHKnL5FFzmsRwv8qhtjR2GqTuz3%2FdjXzp3qjY4w0pc1KEvjFvmipNkq25fN9WG9KiEk4FylvVkZn5TPZu67e9M%3D\"}]}\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncf-ray: 984803094ea40883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28384,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (28382), with CRLF line terminators","md5":"d4d623b7a475594daf8d77d70c647409","sha1":"dc0019741687e1a2f60f14d72d83a8aa4b2cc846","sha256":"3154145f5e5fb002f312ca6564c237c174a269269b57d767812894238ef50e81","sha512":"b85a03f43485557ce032864278f5ee3f1faf44d405e29b5b68818cdc7666b7bf9bd14f21db50285ae91c1d40b9ba9b98df720a249213b3750954903964758d97","ssdeep":"768:MC8nBSz2omXX44PL5K9kdY8xbXoEYW+fUSi:MhnBSz2omXo4PL5K9kdY8xb+WX","tlshash":"4ad2a86072003369f223c237b0e67a8e21399552e5b75b79f936b1a8cfe6042173365f","first_seen":"2025-09-10T01:54:27.119791Z","last_seen":"2026-05-28T17:38:34.595273Z","times_seen":12109,"resource_available":false,"data":null}},"time_used":682,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":547,"receive":135,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/34b8JVKePOijbFV7i9hyyJJgklJo7ui7ynCGg89110","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /34b8JVKePOijbFV7i9hyyJJgklJo7ui7ynCGg89110 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"34b8JVKePOijbFV7i9hyyJJgklJo7ui7ynCGg89110\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eQwe554uHXmd%2FhIz1HsC9ivbMlGRdrWKJpvbD%2F6vQFnGL6WZgI2Yxs7k70Vt1K2ygH6Gk0JgS9PvdQyen4TvrCsLAL%2BchcywucU%3D\"}]}\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncf-ray: 984803096eb30883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":285370,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"ace623e0b30a988ab582c1a5a7fa4c2d","sha1":"e2646dd46fd1888a030689ee380b46712cba1f09","sha256":"7dd58c1c2e1c8efc3de2bd50f34102be5f29c4a777cb3980a19bf42b1571a4f9","sha512":"6f650c2e8cc1f6014fd7f598cf46a3baec225ae9388ab73384f4675a73bc31bcc2b64831d1b20da0a3fc36b3f2ce5e5c7fa76c47f7249931c4a92c7c93a80f4e","ssdeep":"6144:sFTAHYxEQtdzfInhAG4yiqFaFN9EYsYa6C56jSCjDUI7vbN/vSF2M74:yTA44hD1rFaFNeYszZAWkIITRG2f","tlshash":"5e5423a20d9b3a73daad153ed44f0f647ee65ad457ead5dd23c038d2804d5820c8ba3e","first_seen":"2025-09-24T20:50:08.044543Z","last_seen":"2025-09-25T09:53:10.631214Z","times_seen":3,"resource_available":true,"data":null}},"time_used":1173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":670,"receive":503,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-25T05:09:39.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /Y3Jle7cp5@zKAM/$abc@rd.com HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:40 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7CerCPueurXOyrqReSeif9tTya2he1Fc%2FGFH4gW%2BMPRU7IRgH0qF%2BHq7IStrtGi6S2g%2Bs1QMMDVC%2ByhpOwqusU3vndukHZhr\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjNLNitWaHBueWdIamFpL29sZmVtMkE9PSIsInZhbHVlIjoiZ2ptVnRQZ3prTC9GNXg0Qnk5a1lNZllOQkFHMVpxZk9oelNvQklwcmF0RkZ5a3JKNDNZNVE3dTB6Sm1leXpLS0Z0NUlUc2pDZ2VyOVBMcG8yNGFtVnpaUzlnMTVzZGtyQWZmR3lDNnFRQU1wZ3VtSXZsVHVQMHdGc3FBWkhuQSsiLCJtYWMiOiIyZmE0NzIyMmQ0NzkyMzgwNjk2MDVlZTA5MDlmZjRkZTNlZGZjZWVhY2Q1ZDRhNTZjMGUwNzIxZDljMmM4MDAwIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:40 GMT\nlaravel_session=eyJpdiI6IjJDSE01alErTnVONndtMXdZTUJKRUE9PSIsInZhbHVlIjoiT0I4ZzVRRE9MaDEySUY4NHFzTmdSWmtEeG1tL0ExNjMrcktlaks0bXBYN0VCLzhYTkN4YWpGanBpNEJnNmdkL0RYdXkyNFJyeUg3T0psS0ZSS1lUbHAwaEFwZW5MRWNUMzY0SUxjODlvcjE0WGs5ODMxblhrTnBwQ2NoNVRObFUiLCJtYWMiOiI0NWFlNmRlODdjZGFiNjYxYjY5NGE0NDdiMGFhZjUwODA5YWIyNGY3MzRmNzE2YWU5NzVmZGU0YzY4MzZhZTU0IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:40 GMT\r\ncf-ray: 984802bd4c3d2678-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7227,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7225), with no line terminators","md5":"fb6c99f60afd1d22d4a3da52fe99c2be","sha1":"9fbc1f77efabc34423252e10fc47427217cfcfd2","sha256":"3777c3925395a0e2a14a3d9c4aef11d037092a86f05f01e6623fabc137617636","sha512":"70bdd9cede3a9ad18f1de730083708f06b480789f421e5786c2a76ded4eed32c70f9fa5cd496714cef698e52d90bf6088cb567e0580988f70e247e61301fa11f","ssdeep":"192:NikLD/tfH/vWqWFx2fBJeOOk+1TWKWp4eagcuLbvZO:E++1iV/E","tlshash":"1ee1652322001039aa13d3d9abe5975d2158804af7826cbfa3ac036d5bdddedd76b590","first_seen":"2025-09-25T05:10:11.219584Z","last_seen":"2025-09-25T05:10:11.219584Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1195,"timings":{"blocked":321,"dns":5,"connect":1,"send":0,"wait":548,"receive":0,"ssl":318},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/favicon.ico","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","date":"2025-09-25T05:09:40.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nCookie: XSRF-TOKEN=eyJpdiI6IjNLNitWaHBueWdIamFpL29sZmVtMkE9PSIsInZhbHVlIjoiZ2ptVnRQZ3prTC9GNXg0Qnk5a1lNZllOQkFHMVpxZk9oelNvQklwcmF0RkZ5a3JKNDNZNVE3dTB6Sm1leXpLS0Z0NUlUc2pDZ2VyOVBMcG8yNGFtVnpaUzlnMTVzZGtyQWZmR3lDNnFRQU1wZ3VtSXZsVHVQMHdGc3FBWkhuQSsiLCJtYWMiOiIyZmE0NzIyMmQ0NzkyMzgwNjk2MDVlZTA5MDlmZjRkZTNlZGZjZWVhY2Q1ZDRhNTZjMGUwNzIxZDljMmM4MDAwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJDSE01alErTnVONndtMXdZTUJKRUE9PSIsInZhbHVlIjoiT0I4ZzVRRE9MaDEySUY4NHFzTmdSWmtEeG1tL0ExNjMrcktlaks0bXBYN0VCLzhYTkN4YWpGanBpNEJnNmdkL0RYdXkyNFJyeUg3T0psS0ZSS1lUbHAwaEFwZW5MRWNUMzY0SUxjODlvcjE0WGs5ODMxblhrTnBwQ2NoNVRObFUiLCJtYWMiOiI0NWFlNmRlODdjZGFiNjYxYjY5NGE0NDdiMGFhZjUwODA5YWIyNGY3MzRmNzE2YWU5NzVmZGU0YzY4MzZhZTU0IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FiuUMyyd9NQ7NMDwWn8%2BQcpRxPd89SWI5at5eRYewJSY2quiI3gZFivnO6n8%2BPswyLc2s2HBq6hgSWqpJolmwN9OZ1Kgx5MQ\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ik5tUHVyamtVR3lwQ3ZJcXRTVDg3QWc9PSIsInZhbHVlIjoiSkVKUlM0T09CaWpJOVhKRXhVUjdaUW9WMW9mSi8rTDB6NGt5VU4xenhHOE1ia0M4b1l4WUNQOHRkOGd2ZUZFY2dISytlSzZGeWppbVgwMTdnM1hWV3pEVGNYSWh4anhjMHB1QlI4aDBTUVlvV0pHYXk0ZTRBRXM2ZmxFSUxndTEiLCJtYWMiOiIyOWQyZDYzM2Y3YTljNzE3OGRkNDc0ZDZjZDZjMWJkMTdlODQ0ZjgzMjdjN2U2YTQ5ZWU1ZDllODViZWQ2ZDk0IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:41 GMT\nlaravel_session=eyJpdiI6Ik90WkwrODFXTUJ5RVBtdWR2bWM2anc9PSIsInZhbHVlIjoic0FjTDQvTlBuVXNsdXhjNFBORlVYK0kvMC8xdWtnSU0rdnU2OWVKK0ZHQjRRdS9veDVtUGw4RUxMS05nNHVIcmxNRklPWlBWWlp5VExTbDdpUFNhOSt6dWxXeVJDbmtHbENnL2RpYVBmUlZXVmh6ZTJCTkh3VE9hUm1XaXlORGoiLCJtYWMiOiIyY2U3YTc3YWJhYWZjN2IwYzRiY2U5NzBmZDc0N2UyODRhY2E4NzVmNjllY2MzOGRmYWQ0NzdmMzEyZGVhNmZkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:41 GMT\r\ncf-ray: 984802c24ea92678-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20095,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"ce0e74469cdc286745dc58a7885f51d5","sha1":"0094e7c86045bd12d113314a9cf65e828fd5e4f7","sha256":"b236fdb1f851f1f249202018aaa76ed7591fa4f9c23975b3e5fbf745d0816029","sha512":"1e60c79d97e7e4bea38a01d77d9c9c95737142cea1cc07a9d22d226bc9530664aac4777393062b1592e53ed30086c0d8cc856313950175968c3b5ec3a60539ac","ssdeep":"384:3PlIwYcd0N+mwhLnDq4KgMOLhCuJCurH5Q:/lIwYcd0N+phLn+4KgMO7K","tlshash":"8a92a66b51e22436e06ac262bee29b0b7671c347cb0d01547dac0a94cfcded6dc971ad","first_seen":"2025-09-22T00:50:52.260894Z","last_seen":"2025-10-14T15:39:53.249719Z","times_seen":969,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":510,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-25T05:09:46.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"POST /Y3Jle7cp5@zKAM/$abc@rd.com HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 20\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nCookie: XSRF-TOKEN=eyJpdiI6Ik5tUHVyamtVR3lwQ3ZJcXRTVDg3QWc9PSIsInZhbHVlIjoiSkVKUlM0T09CaWpJOVhKRXhVUjdaUW9WMW9mSi8rTDB6NGt5VU4xenhHOE1ia0M4b1l4WUNQOHRkOGd2ZUZFY2dISytlSzZGeWppbVgwMTdnM1hWV3pEVGNYSWh4anhjMHB1QlI4aDBTUVlvV0pHYXk0ZTRBRXM2ZmxFSUxndTEiLCJtYWMiOiIyOWQyZDYzM2Y3YTljNzE3OGRkNDc0ZDZjZDZjMWJkMTdlODQ0ZjgzMjdjN2U2YTQ5ZWU1ZDllODViZWQ2ZDk0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik90WkwrODFXTUJ5RVBtdWR2bWM2anc9PSIsInZhbHVlIjoic0FjTDQvTlBuVXNsdXhjNFBORlVYK0kvMC8xdWtnSU0rdnU2OWVKK0ZHQjRRdS9veDVtUGw4RUxMS05nNHVIcmxNRklPWlBWWlp5VExTbDdpUFNhOSt6dWxXeVJDbmtHbENnL2RpYVBmUlZXVmh6ZTJCTkh3VE9hUm1XaXlORGoiLCJtYWMiOiIyY2U3YTc3YWJhYWZjN2IwYzRiY2U5NzBmZDc0N2UyODRhY2E4NzVmNjllY2MzOGRmYWQ0NzdmMzEyZGVhNmZkIiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:47 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aRvAKbHOQxthoDNHbkFdXJiTsBqEmlOo5LQOCxENyZOaVMtUK34V6s7BeHIqtMHRE4uuSvtHg%2FNxQq4jptOAtP0Fz2mycZq%2Ft18%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ik1SY3JuUkFFMnNQWEQreXprTURid3c9PSIsInZhbHVlIjoiRmNpV1VWTGlGczQxdHlWRW1JdXMvdlI4OWNmMmFLU01acUtKWUNOQzN1TXcvQ2pBM0Y0WUlDZGk1dFlEcGYzWHBHQUozVkZnV3dMQ2I3R0FQSmRWRTBMZUNGckQ4c0tXYTMxOFQ2VWhiR1p4R3VJTlhmVitWb0JGMkZ2ZUVMbm4iLCJtYWMiOiI3MWU3ODY1YzA0NWJhMWM2NDEwYzIyMDlmOTZjZmE5ZWJkMGQzYWViMmMwNzgxNWUyZTEwMjY3MzQwMzk4YTIyIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:47 GMT\nlaravel_session=eyJpdiI6IkhCaG1XMExDODg4RnY0bXlReTVhN2c9PSIsInZhbHVlIjoiNXJzTi9VaUlOZVBKZW9vaCtreE02SmQzaTNtWnZQY3pNVHFRcTBsdTF4WGRyRzlIRkNmcC9DWDVxOTdYYmNLZHp5QU9ydzhZVmYwUi9kN3NMWHNCblhEWWFrdlJFTFNsanBvTUdFT3FFSnZ0NlJsRDkydk1CNHRRSmRJdkg3OTYiLCJtYWMiOiJlMWJlM2UzY2YzZTQxM2I0YTA0MDYwZmUzM2JkYTllZGFmNDc5ZDcwZmI4NDllNmM3NTAwMzJlYjQ3ODQwYjkzIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:47 GMT\r\ncf-ray: 984802e65a7f0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":90,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"7828f7ae07241c0978ce44e5cc4a0a83","sha1":"a9c93817a15b03507c3c21021fba863d3ac62b7f","sha256":"a65713ab569fbcda76f7d8cd7827b5cc51b58eb5d1b03b50c91924ba9c785fd9","sha512":"3bb6311f102cc50b6e8f2d2739185b17fb0715f94d0100cb7636c76e59e79dd2bbb58046e0e13679efc7c1b92696e68b09354010992d96af34399577f443ab39","ssdeep":"","tlshash":"69b002df0c4182453af211129a537359357350eb1804f05255515510756cb8f972fdde","first_seen":"2025-06-23T00:01:47.918545Z","last_seen":"2026-06-07T06:34:15.885503Z","times_seen":41100,"resource_available":true,"data":null}},"time_used":574,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":574,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/crypto-js/4.2.0/crypto-js.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 19621\r\ncf-ray: 984803095bad56ca-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"65384d58-4ca5\"\r\nlast-modified: Tue, 24 Oct 2023 23:03:52 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1307\r\nexpires: Tue, 15 Sep 2026 05:09:52 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=UMIywTBrlEMdgM1XBxqnm1dhU0Jkicsftg0asdHCVRavaLj0U%2Fyvl7rHZyLyJRr3Yvi0rUyraoSm8OcfsKvyeZSKKf358BDWEj87oxwKTHh6pXxWs4%2BCLtRBwdqcufV9PxftW9Av\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60819,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (60819), with no line terminators","md5":"d9c6de0df2bf028d93924aff92487904","sha1":"6596050516dd12af52d9b0e7b18ed837f1d81300","sha256":"769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc","sha512":"6be4940eec0dcd70efcf85eb21c5c7b827f4f3dfe2240a0de259ab5c9835f179ddb8a2ba6250c73516a5bf8c9dd4de3438a23cd2d162745faba9314a18fa1615","ssdeep":"1536:R8K6Znxmj9rlvCOhI64j7AtSPtNPU9ArHMLlk:RV6+jKOh4z","tlshash":"65535bc0629c5491a3b76480087f740b7073353b0a1d5aacf658faefacacad6907cd39","first_seen":"2023-11-02T21:20:28Z","last_seen":"2026-06-26T18:14:10.384336Z","times_seen":31357,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":9,"dns":1,"connect":1,"send":0,"wait":12,"receive":1,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/GDSherpa-regular.woff2","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /GDSherpa-regular.woff2 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff2\r\ncontent-length: 28584\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-regular.woff2\"\r\ncf-cache-status: MISS\r\nlast-modified: Thu, 25 Sep 2025 05:09:52 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Vn%2BBvg4OEFflIm%2F026SkNKAqys7lQCFdeSjNTgGEbLEBL4k3wHLyrXP9eqmDgHYFUmxuYoKRfLNKbi3dGybwBSaBWxUSfFBU\"}]}\r\ncache-control: max-age=14400\r\ncf-ray: 984803094ea90883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28584,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28584, version 1.66","md5":"17081510f3a6f2f619ec8c6f244523c7","sha1":"87f34b2a1532c50f2a424c345d03fe028db35635","sha256":"2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956","sha512":"e27976f77797ad93160af35714d733fd9e729a9981d8a6f555807981d08d8175e02692aa5ea6e59cebd33895f5f6a3575692565fdd75667630dab158627a1005","ssdeep":"768:8n53CNftp4NM/2qxGvtAG9fvpWYSTvlj6OIqrd1xUseRc:85SNfQS2ntfxvpWYSTcfMERc","tlshash":"b4d2e0ed44d2c62988f7638902690111f27898ffe52d7db3c19da0b27245d7ea3a8b09","first_seen":"2023-04-09T18:51:15Z","last_seen":"2026-06-26T17:58:26.69317Z","times_seen":108301,"resource_available":false,"data":null}},"time_used":798,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":657,"receive":141,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/GDSherpa-vf.woff2","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /GDSherpa-vf.woff2 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff2\r\ncontent-length: 43596\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-vf.woff2\"\r\ncf-cache-status: MISS\r\nlast-modified: Thu, 25 Sep 2025 05:09:52 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VakLy0G23S60n0GKdqMhp6%2BZNX1ebKrAqHPafn%2BENoYPMV7a8gO6m%2F1CBiDIkNKzDoI6fobhOAQl732dU2zz7B1HJOZjFvMK\"}]}\r\ncache-control: max-age=14400\r\ncf-ray: 984803095eab0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43596,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43596, version 1.0","md5":"2a05e9e5572abc320b2b7ea38a70dcc1","sha1":"d5fa2a856d5632c2469e42436159375117ef3c35","sha256":"3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec","sha512":"785ab5585b8a9ed762d70578bf13a6a69342441e679698fd946e3616ef5688485f099f3dc472975ef5d9248afaad6da6779813b88aa1db60abe2cc065f47eb5f","ssdeep":"768:b0nfc/3Osy1fo0tBBFF/GGXfN2ZHKTBUwL+BR49qCow3Z3HuvJ5+xXtTgXHk6/:b0fU3OdhFF/xNOoZc49ow3Z3HO+xX1mf","tlshash":"e2130258592578a9eb43bd49f00c6e64c296b3d8f5832b62334a04f0bff651620fe797","first_seen":"2023-04-18T03:10:28Z","last_seen":"2026-05-28T17:38:34.608455Z","times_seen":91902,"resource_available":false,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":629,"receive":247,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/drqs5ePQhOj8nmB61sX2wzYme6YLLyFevC0J0i2XrsCBJk9o0XhMwkZsJGIzvFko7bUGavyJcWaCB6N0kes5FHLMU8Pef730","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /drqs5ePQhOj8nmB61sX2wzYme6YLLyFevC0J0i2XrsCBJk9o0XhMwkZsJGIzvFko7bUGavyJcWaCB6N0kes5FHLMU8Pef730 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: text/css;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"drqs5ePQhOj8nmB61sX2wzYme6YLLyFevC0J0i2XrsCBJk9o0XhMwkZsJGIzvFko7bUGavyJcWaCB6N0kes5FHLMU8Pef730\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EimWQm9uTDs9FJwlJw5ZLYvv3idF0FHECvWZYe42xtCqB%2B2uOQd0TlGA71vRwzoNuosXG%2FOBvPvLPn4WbA9ovyck70umbaSmPvQ%3D\"}]}\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncf-ray: 984803096eb00883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":222931,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (51734)","md5":"0329c939fca7c78756b94fbcd95e322b","sha1":"7b5499b46660a0348cc2b22cae927dcc3fda8b20","sha256":"0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1","sha512":"1e819e0f9674321eee28b3e73954168dd5aef2965d50ee56cad21a83348894ab57870c1c398684d9f8eab4bbbef5239f4aea1dcab522c61f91bd81cf358da396","ssdeep":"3072:Z4blthK0D4NIbkhhMW0AphsQyXV3oUHDDlxh/LoFdW:Z4vhK0D4NQlxh/LoFdW","tlshash":"a6247255a9a8111e726b8ddce0b9b3d8f1149611d1833bafb817ab7cc7ed0a33323645","first_seen":"2025-04-07T06:21:00.635048Z","last_seen":"2026-06-25T09:24:51.551843Z","times_seen":33576,"resource_available":false,"data":null}},"time_used":1135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":544,"receive":591,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/font/assets/proximanova-sbold-webfont.78cef0e33b9c7cebcf75.woff","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:53.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /font/assets/proximanova-sbold-webfont.78cef0e33b9c7cebcf75.woff HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/drXjbEVVLbAj1HnXmTFgtBQ26ZHPam28ibMkg4Nd6bJChexV6gE2rscA4ht7ULe4nDSypqNnpNYm9QssFdMJef720\r\nCookie: XSRF-TOKEN=eyJpdiI6InBROWtNTEVDbzg3c0ZYWmJKUWVCclE9PSIsInZhbHVlIjoiKzZkOVZVVlB1QjRwUGFsNTAwOHNLZkNZL05DSFRuOHgrNkd1ZjVlMjFaRHFsR0lMNFdxMXp4QzZEMVZWSmRXYitFUHUrYTUxNlkySTErNzUzQy9XeEZjb01kT2llWExsNHdnRGRTaXIwQ2puTXNYSm5CMEI3ODVNeDB6Y0I3ajIiLCJtYWMiOiJlYTA0MGRhY2RkYWVmN2JkMTExMzlhYWQyMjRmZTQzMDQ2MDAxMzcxYWMyODY0ZGE5NGI3ZGY3YTg3NjMxODgzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFQaTg0a2cwbENSdVRRaldaNWxSdVE9PSIsInZhbHVlIjoib3B1SFFHcDc2L0dBemJ3c3hEai9rM2U2dnhBaXJ3M1d3a0cray9xWWU3ZTVSWSszQzZnYnp6WlVNbDNwMzdrVmJzYnIvKy8zdy9oSDJRbDUvVUx2dkEzSE9XaU92d0FyZ3hxSmNUdkNnL3Y5RXRheldsa3B2RXJ0SGx4YXlzMm8iLCJtYWMiOiIyNjkyMzlmY2M1MTFiMzgyNmUzMTY2MGRiMDVhOWYwZTE5MTg2MjdlMjRiOTZmZjA1MGQ5MzFjNDMxYjQ4NTFlIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:54 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P37dKnKDB9AJnLsoxTPuks9ESr6Q5q3sEtZqeUdrniDl4SnZi5H3ft4BA5YPbpAcRcidpM9wWZMB8d2WKAQ8fxYZojSs1k4M1Ic%3D\"}]}\r\ncf-cache-status: BYPASS\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IlROMm4zeEpndnI4cXFvamJhWmVyQUE9PSIsInZhbHVlIjoibmdUU002cHZ1T0lKWm96Q1BNZjVPRmdaT1VucHlIYk1GYmVJbW9SVnZzUUx4Q1kyaWpXQWtvUHIxOUljdFYra0dsYUdQQ1UyWlQvWE5qSnZKTERKMTdIVjE5OXZjc2tDTGp5ZUIzK3h1WjhJdVlsalNaWjdjRDlMVVBBWDdxcE4iLCJtYWMiOiJjNjVmYjgwZDlmOGNmYmM3Yzg4YWI2NTRhMTRiMThhYzEzZmU5ZjI1YzY0N2I4MDRjOGI0MmVmNGFmMzUwMmE2IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:54 GMT\nlaravel_session=eyJpdiI6IlFLd25LVnRjaWR4ZHZ2Q0V5T25vbXc9PSIsInZhbHVlIjoiOUJFSGJwTElveDRITm94SUJ3UUpwdTRtTHJ4YU5sdTB2YjdyUGpDOGhTMG9CTzdDNmJUYW00TGRkc2pLUmNRckVVc2VRTkhsbDB2cVd4YWhDMEIvTUlMT0hwQVQ1Syt0K09SWWNvS1VaL3VCNHNkbGZ2UkIydW9RcXNzZncwSk0iLCJtYWMiOiI1YTNkYWI4OWZmNjFkNDY0NWY3YjQyMzA0YmQ5YWFkYjZlOWM3ZWNmODhmYTJiOGI0YTQzZTA4MmE0NzdjZWUyIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:54 GMT\r\ncf-ray: 984803125fbf0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1366,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1366), with no line terminators","md5":"c9c794df0ca51ce39cc2306ffa5e11e8","sha1":"63a9a41da270886e1d2dfcdaf0c927ee55eab6ed","sha256":"a74a1bfcdc20a2484bf98b9cc66a75937550348e1d630fc762f1003f5424338f","sha512":"0cc1b5b1ef53f393a05bbe027bc333f8db75a3ab6e44dde00d9a51c40894774b60a9d1df7db0f0a598abe99c08076ffe896eef180385b933a4c57939390f2b44","ssdeep":"","tlshash":"28215353905ea5380607aed5b6a3f2484b664a24f304ecc1048d70050acf6b8cdaf9d4","first_seen":"2025-09-25T05:10:11.225117Z","last_seen":"2025-09-25T05:10:11.225117Z","times_seen":1,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":510,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/ugIBJ659cN8DAmswnjgouL7MQUNa47NAcBrQrk","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com","date":"2025-09-25T05:09:48.984Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"POST /ugIBJ659cN8DAmswnjgouL7MQUNa47NAcBrQrk HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com\r\nContent-Type: multipart/form-data; boundary=---------------------------346161846325007633783914349509\r\nContent-Length: 329\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IllBWXU2dldkV1JNUDRNRzltN0dtSnc9PSIsInZhbHVlIjoicG0yc05Ta21BdldKNG5EU2ZRWXlwV1YxVVVLWExNaVY2dkp4WDg5N1duUkl4cXFSOXFtMVRUd1JuWW5ramY2T3pKaWdLWGJMSnZVdTBST3kxUG5QMXJBTlAvQk41dGk0N3diQTdBQmJGaVpjaTRlMlZnTmJPeGtNUEw3eHlHcWQiLCJtYWMiOiIxMTRkYTVhZTY1MTI2NTQyNjY4ZWE2YmY5NzFiZGQwYzU0ZDcwYzFhZjg3ZDY2NDRiMjdkNThlOTZmMTFkMzkzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlF0NTFXQVoxNUZWYTUvVWd4cFFKcnc9PSIsInZhbHVlIjoiRm4xUUdtc3NBZkdJODB0MExOY0szNXF6T09KZ2Y1YzQ0TzhCL2JJdTVNb0hqSVB4NVFETGljVENxMkdpcTIvN0xlK3I1T2tsMFAwK1hkbEppMDJ6NW52NUpOM0dNOWRCek84ZmxseDA4Z0ZIRzB3dlpmYU96MGVrZHgyVlJ3WnUiLCJtYWMiOiIzZTllZWNiMTBmZGZlZGJhM2MwMTE5MTFlNjkzY2VlM2UwODdmM2M0MTA1ZjQzMGVlNDQ2MTMxOGU2NmZiOWU4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:49 GMT\r\nserver: cloudflare\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mxV96rFk9tZQJb32PTXmF6ygW89%2BUn5K1isu1QC8l5mqyzwhnHDp8bVJmOWPQE3zpUKLzEj8fgPxp8KK1c8u3XfZ%2BAK3yk49\"}]}\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IlIzRjlWU3dCZzRrNElNekJqZ0hPOVE9PSIsInZhbHVlIjoibW1DWmxKWkNISWxnN3ZwM052VU02MFBuYzNRMTgzQ2VydGJ4aUJ4aXNwbnMySVBnWTNlbDRvbm0yNk5xR2NNQXh2bUhySWxvaUNWclBXd0VjOWl4TS9TNkhndHBPVS9uUm9wU2dHczVlRXlQcTBBOHZIRkUzdmhoTkF2bnVDaGIiLCJtYWMiOiJmNDliODgzYjljZjdkNGIxZWE5YTVmYmE0ZDJmMDU0OGFiZDEyZDMxNGZlYzczOTYxMzhmODM1NDc5M2ZmNWQ5IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:49 GMT\nlaravel_session=eyJpdiI6Inc3TzRpOGhPZ1N4WVJDd0ZSR0VjNWc9PSIsInZhbHVlIjoiNzYrOVBOb0lpRHluTEZjZGx3MkJYWllKbHYrVFo4QkxKQTZiMy82b0xUR2ZqMXFVYUQ2NHU0d1JUTmdGTmdYZVEzdVVLVEdhOGR6UDlTejJlNml5SkE4Qm01VTU0UmNjWWRjRVJWUjFEbElyZEh1aFRMNmhaZ3R6Q1R4cHhNcmQiLCJtYWMiOiJjMDBmYmMxY2MxYjVjMmJjYTAzZWE1ZThlMzE0NDZlZWYzNDNjZGMwYTEyZTZlZDg1ZWJjMzA2MmExYjg4NjcwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:49 GMT\r\nvary: accept-encoding\r\ncf-ray: 984802f52cb50883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5820854f62a6eb3d38ba7ba0d1b3ea75","sha1":"639df0b84fe699b4a290a713fd6b9a94bd4deb95","sha256":"912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d","sha512":"4452c0a26fa81357f95bf6160c3f5d35ff39f62e03d5faa1e69eb9dfdcb2c83eda4235463ee4065dceb534cc497891a05535467337ad84693e5fa48c317dbbbb","ssdeep":"","tlshash":"f67000020000208008803c0000000a203ae00aa0822a00c0802c00288e08088f08a000","first_seen":"2023-03-13T15:21:35Z","last_seen":"2026-06-26T19:20:22.386487Z","times_seen":92197,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/favicon.ico","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:51.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nCookie: XSRF-TOKEN=eyJpdiI6Ik5EUklzTC9xM0JuUDBITWhSSm9paFE9PSIsInZhbHVlIjoiOWZQQWNRL2RTaXBpS1N2OUczUk9GY0RyT3ZpTk1RTTJrQkRlOFA0b2tkbDFJbjhOWnBXOVNueUpjSWhBUjNRcVI4b1dnSEpUTFdGSTZuZENxTjNIOTMyQUZqUTY2TEd3NVloaXJwSGtackJXaklWOGxHcFhIbW1tSHpVRVVLdkEiLCJtYWMiOiI1NDZmMjM5M2E0NGNjZDQ2OWQ3N2JiYjA2NmUwNjQwNGQ4ZTM3NjFjYjVjMjEwZGE5Zjk3MmRiYzJkMTc3OTQxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik02Mkdwby9Wa1ZCRWV2RkFmVWorM1E9PSIsInZhbHVlIjoiRDNIZTNiVHdsSHp4WnJEZzdZeE1mQnZWY0NQaDVIV3JWZk9QeitOK1hLMVBTVnVJbkxIUE5uUG1QYSsvVEdjb1hDUExEUUhjYWFkZ256a2RQT2JKS3dTdWFnOEM5SFU3QlBkNWJsa21nblllV2xFNUpVOVU5QkNwWG0vNzhPbHQiLCJtYWMiOiJhMDc1NzYwZmFhMDZlMGVkMWMxZTM4ZGZlOWZlNzI4MjQ1YTlkY2E0MzdiNzhlMTFhNjlmYWZmMTRlN2U2MzVjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:51 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qoMfeCRa7yCZxdeQFbP0V%2FVDb%2BZQhWDlktxG7Ojl1uW8jnbBbhAU7djDYetPo8UUsBLs%2Bcz233mb2nNWwRCEybJR6FbiaRwO118%3D\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:51 GMT\nlaravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:51 GMT\r\ncf-ray: 984803023dc30883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21069,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"64c900efac3ea91a4a4d84a2c3687a21","sha1":"ee7257aab6d6557b23a606fcb03b2e7550f386f2","sha256":"9fb4183061113cc2905d0646a0cf600d57d39b26b58bf31c50b496365b1ec613","sha512":"4e4cd291f3ec90212a2749e9fd1d002b91bc95b9c309cd08bdfef47e5e2d9901b63ddaf028b2dc66357259d6cb257cf37a6cf3006a4a0fe3dba36cb98f758014","ssdeep":"192:WFgcq7h9Ri1x6WUf9XvHyJ8uWSvUcWxwcnIwBwTwgMv1XrnlrINLIYkqCWbdODki:WsDlGijmknJ3hEe3kTlae/nulzJ","tlshash":"db92c42361f0203b414391e5bbd2670e6eb0e403c50e9e947abcd7a8dfd6d86ce67649","first_seen":"2025-09-22T00:01:27.338199Z","last_seen":"2025-10-14T15:39:53.255388Z","times_seen":974,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":461,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/56q0GXuThn3eYSabiYAx9qkllB6ksy0fMmu89732","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /56q0GXuThn3eYSabiYAx9qkllB6ksy0fMmu89732 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"56q0GXuThn3eYSabiYAx9qkllB6ksy0fMmu89732\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oYI%2FasLGOHvjq6em0dQX2u5ZZz%2FFzSkicCv4r4v1%2BIUcbx%2B6R9IWhgkaDO8p0yIU6zhHIS7HpB7Ewz3LPYFp4gyt4O7xQQA2\"}]}\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncf-ray: 984803092e9f0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-26T19:32:57.905391Z","times_seen":484681,"resource_available":true,"data":null}},"time_used":586,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":298,"receive":288,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/kiuWX5ZFXpXqziZhpox6BqlkagClsYQaGq3koBcvh","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:53.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"POST /kiuWX5ZFXpXqziZhpox6BqlkagClsYQaGq3koBcvh HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 3072\r\nOrigin: https://e18.kiviotio.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:53 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pA9vjKsLiGUn3FZPzGdAqu8O2umKwmhJ6VuSHyE2PkoxJHUz7GwALzoE%2BagRZT%2Bi7RietBIXl5EEaStDED4vE%2B2J5RGBHLeE\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IkUzeTBRT09sbE1OaEZjZUc0WkR0Qmc9PSIsInZhbHVlIjoic0R2WnpReFloSW5LTE0wS2wybGtyY0lUVGdVS28rY0RQRkt5RklyTlRuSEtYbHBnMkhsRVlLaTFpWWhRS2NKMXczUEYvVjVBSGg3dk1NRE5vMXJBU0xxS1JQYUZmQ2M0YjVrZE12UTFsOGd2eVVtLzhHWmFKMk1keTlWWG9TWlMiLCJtYWMiOiI3ZWIzOTlkMDc2MmNjMjVkMDkwODEyNzRkYmYwODkzOGExNDkzOTNmN2Y3ZGIwYmFjZTdlY2I2NTYzN2E3NTYxIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:53 GMT\nlaravel_session=eyJpdiI6Ik9zdVd2MERDNGpmaVVPRnppbmFJMmc9PSIsInZhbHVlIjoidnpVdFFzTVA4bUtibDVWdmdzcHZFRDR1UWtPaWYwdkNwUVZRTkpWOG1jM3VWbjVjaDdtZzNDeEE1aDl6VWplN3hiSEtQRytDTk1QUFpqUHhleE8xdGxsanlPVFp4VlRSNExVYnpPRVVmQWFpNVpJcTRuMzdsQ1ZUYTU2Q0x3Y2siLCJtYWMiOiJlZDdhMDMzYmIyMTRiMWQ0MGZmZGFhNjkwMDg4NDY0OWRmOTI4N2E4NjM1MTcyNDA0YzZkYjg0MTZlZWMwZTdkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:53 GMT\r\ncf-ray: 9848030e9f750883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-06-26T19:34:43.950547Z","times_seen":121267,"resource_available":true,"data":null}},"time_used":288,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":288,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/GDSherpa-vf2.woff2","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /GDSherpa-vf2.woff2 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff2\r\ncontent-length: 93276\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-vf2.woff2\"\r\ncf-cache-status: MISS\r\nlast-modified: Thu, 25 Sep 2025 05:09:52 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZXoumWaetpfRk%2F7ckI29QU4BXcPkSQnx3IK1rlaGMS42EPGUl86eLmsq%2B6HONe44Sbu4zATH8FDXJ62lCtSVWVQPNW1XjDhx\"}]}\r\ncache-control: max-age=14400\r\ncf-ray: 984803095ead0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":93276,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 93276, version 1.0","md5":"bcd7983ea5aa57c55f6758b4977983cb","sha1":"ef3a009e205229e07fb0ec8569e669b11c378ef1","sha256":"6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c","sha512":"e868a2702ca3b99e1abbcbd40b1c90b42a9d26086a434f1cbae79dfc072216f2f990fec6265a801bc4f96db0431e8f0b99eb0129b2ee7505b3fdfd9bb9bafe90","ssdeep":"1536:Dy7KSLv+MMqDeeIgDFSxpuQP7ObnKSWBO61LlRzSSAT6YmkSzOu7Be0OB53jIH4I:Dy7JD+net+puI7ObKHVhTSSlYmk4OuWa","tlshash":"d293029c71ec79c19e00616e94c92535f89fdab0f049d3fa9a4ed85b927c369e343b10","first_seen":"2023-05-01T02:20:29Z","last_seen":"2026-05-28T17:38:34.569394Z","times_seen":91738,"resource_available":false,"data":null}},"time_used":977,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":663,"receive":314,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/drXjbEVVLbAj1HnXmTFgtBQ26ZHPam28ibMkg4Nd6bJChexV6gE2rscA4ht7ULe4nDSypqNnpNYm9QssFdMJef720","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /drXjbEVVLbAj1HnXmTFgtBQ26ZHPam28ibMkg4Nd6bJChexV6gE2rscA4ht7ULe4nDSypqNnpNYm9QssFdMJef720 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:52 GMT\r\nserver: cloudflare\r\ncontent-type: text/css;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"drXjbEVVLbAj1HnXmTFgtBQ26ZHPam28ibMkg4Nd6bJChexV6gE2rscA4ht7ULe4nDSypqNnpNYm9QssFdMJef720\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q1KEEfNZkcBF%2Bkl4e0q7Ya%2FIX%2Bn3wiTqYpRNXbxjs1AFoErzxHrWoN9WMS%2FQGvs1N7k82U%2BSNuEDQGX6JVD42PJaJTkC0rNrIpw%3D\"}]}\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncf-ray: 984803096eb20883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10498,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (10450)","md5":"e0d37a504604ef874bad26435d62011f","sha1":"4301f0d2b729ae22adece657d79eccaa25f429b1","sha256":"c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179","sha512":"ef838fd58e0d12596726894ab9418c1fbe31833c187c3323ebfd432970eb1593363513f12114e78e008012cdef15b504d603afe4bb10ae5c47674045acc5221e","ssdeep":"192:x9iW+rIadfLTcaTO5BrwjnwSrQ1kPmqQmMjmtmumobU8:x9KVLbw6jqON","tlshash":"0a22724186196412409b6f13f0dabac27f0a221df52292bffb3d496cddea8561730f39","first_seen":"2024-03-14T18:17:02Z","last_seen":"2026-06-25T09:24:51.555975Z","times_seen":48244,"resource_available":false,"data":null}},"time_used":555,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":555,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"e18.kiviotio.ru/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2","fqdn":"e18.kiviotio.ru","domain":"kiviotio.ru","tld":"ru"},"ip":{"addr":"104.21.85.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/","date":"2025-09-25T05:09:52.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kiviotio.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 12:28:20 GMT","end":"Thu, 27 Nov 2025 13:26:56 GMT"},"fingerprint":{"sha1":"68:48:41:40:03:4F:C6:1D:DF:22:BC:27:D9:EF:B2:DD:0D:C4:D9:1A","sha256":"CD:9F:B3:DB:0D:5E:D4:8B:3D:57:3C:3E:98:13:7A:1E:10:C0:30:DC:FB:64:CA:CE:7B:43:E2:30:DB:0B:16:87"}}},"request":{"raw":"GET /font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1\r\nHost: e18.kiviotio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e18.kiviotio.ru/drXjbEVVLbAj1HnXmTFgtBQ26ZHPam28ibMkg4Nd6bJChexV6gE2rscA4ht7ULe4nDSypqNnpNYm9QssFdMJef720\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZNM3ptdXV1M3p5TEF6VGgrUXBUTUE9PSIsInZhbHVlIjoiaE1ITlRGQXBXeDdQb1ZjUTY1b3QvMWdhV2ZwWFcwNDlOQ2dFVVBkUmNzUUxoRTNxVitTcWlZUFVSeHRQb1hMN0hrdlRLN2tnOXVDN0NVRUVMOWlQa0w4NFp3czYxSkJyVHZYaHFDaDZMNm1QczdjYWh2Q2RhOFgxSTFoVHZxSzMiLCJtYWMiOiJhMzZkNjdiZjlkYmM5NzM0MDBiMGU0NmJkM2UxZDc4NDExMjkyYTZjZGFkMzljNmQ2Y2ViZmFhMjU2ZTIwZWM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNYdTJlT29LT0NMRkpOQ2g4bWhabFE9PSIsInZhbHVlIjoiNnNRVkc2SndkSWUwWjN5eTE4VVg4bVJ5WkdVL25IdGVKR0c2WTZLM1U5QXlCQWEwSTl6OERkZ3ZBQ1hiS3gvSjhpcmY1aExBaUJ4Sk83aWptMDE3MTUrYXg0dURrSzE0MG9hY3hlcmQ4VnkwTlY4ZS85UXcvUThWcE1tWmQrNWkiLCJtYWMiOiI3NWE1M2M1MmJlZTEwODc4MjlhYjc0YWNhZTJmM2QxNWQ0ODM4ZDVhZTQ1NzFmMmI2OTY4NmQ3ZjU1MDkwZWFmIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 25 Sep 2025 05:09:53 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SJJDVWorhmakyBfCGAb0mtVZ7u2dBZFlf%2BD%2FxRSgCbkHfMv%2F5s5lgplh9PDPN7iJ2%2FEyhfuUc4qFmVwS%2BXQ7hJtBDDfFiVc%2BtEQ%3D\"}]}\r\ncf-cache-status: BYPASS\r\nset-cookie: XSRF-TOKEN=eyJpdiI6ImxBTFJUS0pTN2pvVlV5RkcxbGFiVXc9PSIsInZhbHVlIjoiU0QvcUVaRUxodEVzbjUzSHVnUWtiUGh6RS9WQzh6Y2pHeUtRZkN1MzBrK2lLQWZxYmlKbUVOTjJVL1h0Y3FUZVJNVXJESi81UVpnY29peWpVbkVxckU2dVBaTFUvd2lDNnkvdGNNaGxFaTA0akt3M005aCt4L3I4Z1A4ZzJPY2kiLCJtYWMiOiIyMzEyM2Q2ZDM1NzczNDkyZTE1YjBiOTM3MzU5YzkwYjk3NjRjOTM1NTk3NzgzMjNjNmFlYTAxYjJhMDI1MWI1IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:53 GMT\nlaravel_session=eyJpdiI6InlOZ3E2TXgrMEo3clY0anR3anpRMkE9PSIsInZhbHVlIjoiMTkwL1l2VDcxd2MwVTZUbXBDWmpubERyU1RrcWpqZ1RoQ0thbjhJU2djRWp4dzJ5aUFRM09yeHBEdEsrb2FlME5BVkZLSzRPTTlldUt3SXlaaHZIY0FNNW5XYXFQYTlHSytWblUreTdvUVV3ekYwb011S250ditZcGlEbW9COEIiLCJtYWMiOiIzOTNmODBjNDQxNTU3MGJkOGJlM2FmNzIyYmZhYTM4ZmEwMWZhOGI2MDQ3ZDk0YTBjOWI5MTUzMTRhYTExZTcyIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 25 Sep 2025 07:09:53 GMT\r\ncf-ray: 9848030d6f4a0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1366,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1366), with no line terminators","md5":"f7923d18d967dc3a32a9849dccecbace","sha1":"a562fcd411dacb81c375cdb302567ed63eae92ab","sha256":"316d7806964955640c20c28e7e21005cd218e0aa9d727c0912d29a8a8476eb93","sha512":"29e51395d402d9e423cc98adb4700a1db9af682bfa2faf10abd827286a61380597ba96ad0e24ca95c4e90c9336925183d1a1e0821ec56459837f29cdc0d7ffe7","ssdeep":"","tlshash":"80217247a16592380b42dde623e3f25d4ba89920f308dcd1498db85409df378caaf5e0","first_seen":"2025-09-25T05:10:11.230327Z","last_seen":"2025-09-25T05:10:11.230327Z","times_seen":1,"resource_available":false,"data":null}},"time_used":701,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":701,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"e18.kiviotio.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}}]}