{"report_id":"47f8ea0d-c81e-4d53-ad42-abf7f0207dbf","version":6,"status":"done","tags":[],"date":"2025-12-23T10:28:14Z","url":{"schema":"http","addr":"oedy9.com","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"45.147.200.225","port":0,"asn":51659,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"title":"502 Bad Gateway","dom":{"size":428,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"89aabeab512a008a53f355fb0832ea86","sha1":"08a6120d4a003c44c5adeb254daab81b251dbe18","sha256":"c65e60205886e14fdd5cbbe7d39952e4af24ab5d98185fbba2cfb97770166740","sha512":"31f3d4ea33dd64a44e546b6626d79c6d52b36d14766f21785736596b3bdc180a6296ce4dfdcf9d615cf608755f237837400deca616cfe667be2fc5642efcabe4","ssdeep":"","tlshash":"19e02376b1103090f2e2c23846427350072078c2d34c481045cafafeaedab28dd8f6d1","dom_hash":"domhashdc803a8da2b8c3ed6ce0e138d5febc53","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"oedy9.com","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"45.147.200.225","port":0,"asn":51659,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-27T10:28:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"oedy9.com","ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"domain_registered":"2023-10-27","domain_rank":150266,"first_seen":"2023-10-27T10:41:23Z","last_seen":"2025-12-17T23:26:08.817115Z","alert_count":4,"request_count":4,"received_data":6150,"sent_data":1775,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T10:27:52.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 502 Bad Gateway\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 446\r\ndate: Tue, 23 Dec 2025 10:27:53 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"502","status_text":"Bad Gateway","fingerprints":null,"data":{"size":446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"4b56af76c7bbfd1bddfb0c185deed6cf","sha1":"712b0de6f9d4c451e1c1b69b8dea59ebcfb19bd7","sha256":"9fb55c8f75012e0077e3de7a709f2f614a6880f6e245e2e438cd50bfa10805a4","sha512":"a610b014c3dad030d41e8995c81e9e669f01628e9c4d38d24723879d9da080698ad684c44b47a08e7f0e44635670f03a89e5cf6f8e73366cae36970be858de80","ssdeep":"","tlshash":"77f0dc6a31103090f2e282385a823360571026c2e34d485055cbeebfaedab18dc8f6d2","first_seen":"2025-12-23T10:28:15.456836Z","last_seen":"2025-12-23T10:28:15.456836Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1527,"timings":{"blocked":731,"dns":660,"connect":32,"send":0,"wait":64,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":80,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T10:27:53.815Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nContent-Type: text/html; charset=utf-8\r\nLocation: https://oedy9.com/\r\nDate: Tue, 23 Dec 2025 10:27:53 GMT\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":26,"dns":1,"connect":30,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T10:27:53.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 502 Bad Gateway\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 446\r\ndate: Tue, 23 Dec 2025 10:27:53 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"502","status_text":"Bad Gateway","fingerprints":null,"data":{"size":446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"c185a272388db60772aff31abe584bae","sha1":"be35d4cb4adbfb44e9ff946d69aa1c78a5fb096e","sha256":"aad58b3c5f450ae876839a20054fd5a6cf5dca1199d5767e1bb9b8479d16910d","sha512":"a3e76b2936308cde146dbf69ffb062beffba9fba0c2b443d671d6e41d602924e698292137472d0b0232a9509a52bc92117a84e75cbe63291f0ac08a8c5ee776f","ssdeep":"","tlshash":"79f0dc6a71103090b2e282385682735007202ac2e24d485055cbfebfaedab18dd8f6d2","first_seen":"2025-12-23T10:28:15.458488Z","last_seen":"2025-12-23T10:28:15.458488Z","times_seen":1,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/favicon.ico","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://oedy9.com/","date":"2025-12-23T10:27:54.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Tue, 23 Dec 2025 10:27:54 GMT\r\netag: \"6933481e-fc4\"\r\nlast-modified: Fri, 05 Dec 2025 21:01:18 GMT\r\nserver: nginx\r\nset-cookie: server_name_session=8e24b569a590272a9b4329bb58acd27e; Max-Age=86400; httponly; path=/\r\ncontent-length: 4036\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4036,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"8e59ad0a9aefea690d92ffc6266516c6","sha1":"f82e7a5e38ad362b54a94522fd99963bc1515d27","sha256":"fa3958fb852fab1c92b41cbb3a1ad0c4487ee1cd1ef4712e6817fab8b8fde0eb","sha512":"3b4c28339115ca408dd153651ca8a2447b50788ff8499e51986f4062a8124e3145ef0d0ee9dbc36515be338d7cd0a21e1d6eb9725e9905454911af9c6d8827e0","ssdeep":"","tlshash":"a8817e69280b2a67e7f9a51b07360117ddf1a0ad62d7a88dc909c037bdee2b73086414","first_seen":"2025-12-05T22:31:48.407286Z","last_seen":"2026-02-14T16:06:52.824936Z","times_seen":254,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}