{"report_id":"4cc7690d-10dc-404b-9705-3d925421636e","version":6,"status":"done","tags":[],"date":"2026-01-06T14:25:57Z","url":{"schema":"http","addr":"co928090.tw1.ru","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"co928090.tw1.ru/depart.php","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"title":"co928090.tw1.ru/depart.php","dom":{"size":5707,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2121)","md5":"92b713ef3022381c64f132ef88f28be0","sha1":"d7b5748b644ecc077c0a8a49dde9c4af2b9f34b5","sha256":"cc3e09bbe3a4520f0322c57100bba861e6f8a1bb36d3fa29e2076c2e987cf1bb","sha512":"4857485f2f4c50eeb846c10867f9f0e630ef035b8a39bc0286561ecc2b500d989c08b19518feea6af1f0637cd8e6a0030179a0a23d51f9b9b9627c65c7d01e2d","ssdeep":"96:g3s6YzCXkusslQCyMJqaqB0IDKqJ38ZpeXFj:g3DYzCTll/qaZUKq+pOj","tlshash":"1cc11f21a4a4ee0a00db58d8d4b2056959fc4307c23b459cf97c93f5ab9fcadcab3169","dom_hash":"domhash1d87ecbf04cb4caea9f85e58455a9154","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"co928090.tw1.ru","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-10T14:25:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"co928090.tw1.ru","ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"domain_registered":"2006-06-29","domain_rank":0,"first_seen":"2026-01-06T14:25:57.442262Z","last_seen":"2026-01-06T14:25:57.442262Z","alert_count":26,"request_count":13,"received_data":650126,"sent_data":6603,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"co928090.tw1.ru/res/cdns/jq.js","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"1150e561f02aaa2a237a4f200face65d","sha1":"6afaec62e997d0a42356c71521ef0d157b506757","sha256":"9d02ee01919145c20b03ee9d3013af7118793dedf5d2c0696a773af90066c953","sha512":"9ceef080752858f60608dae2c86cdc1703d217e6cf0ce47e36fb4e632db031c5a4ae708d3ca05c144914f345c8375e145636b419d9df7fd126c9dc8b94e2fb99","ssdeep":"6144:VpkhNVlJ+TC1lFhTzeKpTcYmD2zK8U1Js3Px+WK+N7TFyygRWL/IaLgeNTIPfgy1:kjTcYmD4I4Px+WK+N7TFyjeTiPflAqqi","tlshash":"0554b4d9f78d112e423231aaad2e12cdb77cd171560458aefd4d497c24a083d83baf7a","size":293671,"data":"","first_seen":"2023-03-12T23:28:44Z","last_seen":"2026-06-08T19:22:18.879299Z","times_seen":1406,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/depart.php","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"6e4a96652181ae70e224292ae62f8ec0","sha1":"c9e1999be7a7a68b59c58140a190e8dbfb5110dd","sha256":"17808ebaa003b9a8b9868f9f12d14fffa8c4f1d1f264d4f01e0d3607713155c5","sha512":"79384289aab5b438e2899099f60da980691e98f0434126e254d261258c573d0fb857eb9a2e5088a81ae56b2ada2c5314093cc8f1411db7211bc4e0ab9f265609","ssdeep":"","tlshash":"35e02bad90f51a8c02fbb09049ef4a2ef66e4783451c88213d4ce1c16ff8f490991f54","size":305,"data":"","first_seen":"2025-04-03T12:07:45.591113Z","last_seen":"2026-01-07T05:39:18.80249Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"co928090.tw1.ru/favicon.ico","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/depart.php\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-length: 196\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-06-08T19:27:31.97069Z","times_seen":104175,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/depart.php","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-06T14:25:35.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /depart.php HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:35 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5836,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2113), with CRLF line terminators","md5":"48fdebd6732e97a6ab1584fe31271c05","sha1":"82bab2a1b226ac789888cab44b47912e4c1b4795","sha256":"358e6dbf857a83f96a93a6472ebe130a5857df327ad04d35c735a2b2e3361ce6","sha512":"3d04dc6f2e9b8a5217f4de9c993d570ce55b8d17539c2283db7e30fbade81365ac7f1d0234bc6aa6cef71232a09b25ad096938ff30566e26d3ce58a324cebd64","ssdeep":"96:DenksKXLKmb92ANsRMd8qCqCOuHc8a0Fo:D+kbLKy92Ud8FT40C","tlshash":"82c1321465959d8902fb58e8d87206a5e8f4030ac3270598f97d93f36bbfc2ccab359d","first_seen":"2024-10-12T23:02:04.000923Z","last_seen":"2026-01-07T05:39:18.797985Z","times_seen":25,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/style.css","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/style.css HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/depart.php\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695b7033-cfe\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3326,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with CRLF line terminators","md5":"ecbcb9d99b1707fa3510a8b6dcf50c0d","sha1":"2336ea9a79e2be0f24f5c1c47d58c8a3a1643ec3","sha256":"aa286e766c98a69180470965176e45b81673cbdb90ba1a84631762ac41c7668c","sha512":"e0dd61114983c98a61b2e0639b313e7392df80f39738078ccd5550d16eb0dcef6d112c3472f103708f274243cac20ecbec20d86dfc203ea5e99e8615c8e77225","ssdeep":"","tlshash":"b361bc5dc64215066377d950ebb70b8eee98002b8a0745a9beec73b0cfb1474c2a1f8c","first_seen":"2024-11-24T16:45:02.189068Z","last_seen":"2026-01-07T05:39:18.791964Z","times_seen":32,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/menu.png","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/menu.png HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/depart.php\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 311\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\netag: \"695b7033-137\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":311,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 53 x 50, 8-bit/color RGBA, non-interlaced","md5":"212ab8ba0002cf0f2c79d7cac247926f","sha1":"eae93b3c15073bc013acf51f8601f3a2f20f19c9","sha256":"599e6ff8546fb8183657fba87d64bd6d4c20d642005754f3d05342b2d117ee35","sha512":"2056681c4787174a5bb46b0edaea41749e4e2e00de4fb84919124ad2bf04691e6820acb9819929e7c8c28952ecb6dd1f5661688bf75e55b2ec54d018e799020b","ssdeep":"","tlshash":"8be020c3264490ede139092bb19d63d1e5b520c989415077bc288495032d7c54d012d5","first_seen":"2024-10-12T23:02:04.007158Z","last_seen":"2026-01-07T05:39:18.798921Z","times_seen":51,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/logo.png","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/logo.png HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/depart.php\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 6584\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\netag: \"695b7033-19b8\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6584,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 195 x 50, 8-bit/color RGBA, non-interlaced","md5":"d5aaa1735e76b896a2fcd37ca2183eae","sha1":"6fdfd6f20623ea24a5c794f8728aef46c9b4b3bd","sha256":"d4d7832cf0f0b869c483506c9bc2bd5985233f10c6f985add83f2a6a2a959cdd","sha512":"b67260461e2935d23e0555888628dee787ec2ab000ebb4076cb935110ce1babcbab5fadb0edb3ef2ee99127dd34eb11b4126e54cd0dc32fd176f27dcdb03ae89","ssdeep":"192:rizyIPslQf0fU6FRc7hUMjfDvkUR/1LDkZRvO:JIPsvfUMRShTjfDMS9LQZE","tlshash":"fed1b0b05b00c9cc9a800e2cd75a643f3f05d4c745ad362327c4a8180f224ac63eff68","first_seen":"2024-10-12T23:02:04.004579Z","last_seen":"2026-01-07T05:39:18.799802Z","times_seen":57,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/pc-menu.png","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/pc-menu.png HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/depart.php\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 5433\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\netag: \"695b7033-1539\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5433,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 559 x 67, 8-bit/color RGBA, non-interlaced","md5":"82d68cf5016464a60e6dd7c8e9094936","sha1":"974b6e8f5de0e447063cae72fecf81f468d6a918","sha256":"21063a036ce45e05fcbba86a2475f770fd06c3884011f1755e108a07cb673746","sha512":"c1d0f88f0277aba4649bf004ccf2e37e21c0773720f2be72a29efc9ca72144d7cefe8e5907228e3d390c269d39348759e070d605f879d64de792a0e9351e779e","ssdeep":"96:SRBUUfjQZcuM3L+pizuNzIGBEFIb9RDpG4REAm7Vntv7qYieZjUUsK:S/UULluNRlHpGWEd7xBqYxUUsK","tlshash":"cfb15cc8f96c7ce8503b145bee94d80215e0db3ff349e64781a83aa5d04a2889703f8f","first_seen":"2024-10-12T23:02:04.011303Z","last_seen":"2026-01-07T05:39:18.800705Z","times_seen":49,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/search.png","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/search.png HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/depart.php\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 1498\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\netag: \"695b7033-5da\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1498,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 131 x 67, 8-bit/color RGBA, non-interlaced","md5":"6e46b573ac3bef44a92ef4a327897275","sha1":"422f0046a603f3af8f11873d6367907380a37891","sha256":"719c0a598c756a61795246b268553b0b45f9c42c831ffc77b3cbcbbea65f52a6","sha512":"e66686bc1aeb685e4682c4a1325078e9e42af3befd516a60ffda4758ebbec53b722be300d3f8045e9bdabaf09caf3ae0631826bff85b76072bc1917c89462bc6","ssdeep":"","tlshash":"2a31c94326e0e523c5048c6f6cceb57d31102dc7360a31879f6e14992494ddc4a456ee","first_seen":"2024-10-12T23:02:04.013897Z","last_seen":"2026-01-07T05:39:18.793039Z","times_seen":48,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/back2.jpg","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/back2.jpg HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/depart.php\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 243919\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\netag: \"695b7033-3b8cf\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":243919,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=17, height=791, bps=218, PhotometricInterpretation=RGB, description=Diverse culture people using mobile smartphone outdoor - Happy friends having fun with technology trends - Youth, new generatio, manufacturer=SONY, model=ILCE-7M2, orientation=upper-left, width=1326], progressive, precision 8, 960x960, components 3","md5":"b259c4797d838add41da1047021d2480","sha1":"13de10f5a348efa8ff3d856f2e347eeff8a33579","sha256":"c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8","sha512":"bda9659c388a30ca6bc9ea1a7fa341fd8a10f0e46e581350e07659d0fffb3c28e89b0f8d68646dbcc8a4e72fb88dc06137e2bbe7dfddf8ecb8e7d169936a9b69","ssdeep":"6144:Hduec9C93xTGHicdM2vq8f3hloWeHI+MrlcZeuX:o86H/d68oWeoxrlcZnX","tlshash":"0c3412369f4adc83d0d014b5c5a4c347f102196aaaf3c206b7bcf5993fbb9948d58683","first_seen":"2023-05-01T22:58:44Z","last_seen":"2026-06-07T02:29:48.791436Z","times_seen":691,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":100,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/Gotham-Bold.woff2","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/Gotham-Bold.woff2 HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/res/fonts.css\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: application/font-woff2\r\ncontent-length: 39264\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\netag: \"695b7033-9960\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39264,"size_decoded":0,"mime_type":"application/font-woff2","magic":"Web Open Font Format (Version 2), TrueType, length 39264, version 3.19726","md5":"003e90cf8cb3f8b4bef30d6764da18ed","sha1":"512e44f40b54d0e5e081dda9fd5ea8a4429a508c","sha256":"319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1","sha512":"cfc48f671555841551e36445bb1e5fa3cd0232c853b24da0a7dafe5c251981a6ec4cb29ff4adf3ed612988249d8ba74246859683eb9302f7056bd92c88b85fa0","ssdeep":"768:PV7oXjYFCWB07dZORB0aJ8UqAZp+ZNhoagVgvCqYNvfSVLRo3nd:PBocFxq7f0x8UfZp+ZNCDmxYNvqVFo3d","tlshash":"1b03f12fd482a371c9cfcea5e9759506cb9079d1b02eb8374bd419cd7e25c8e91822b4","first_seen":"2023-04-06T18:48:56Z","last_seen":"2026-06-08T03:30:47.156579Z","times_seen":1077,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":87,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-06T14:25:35.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:35 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: depart.php\r\nset-cookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":5836,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T20:34:26.488801Z","times_seen":16249334,"resource_available":true,"data":null}},"time_used":843,"timings":{"blocked":369,"dns":17,"connect":39,"send":0,"wait":105,"receive":0,"ssl":310},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/fonts.css","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/fonts.css HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/depart.php\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: text/css\r\ncontent-length: 147\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\netag: \"695b7033-93\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":147,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"4120e6cc4fc73fb5086f4adade40359f","sha1":"43dfd8388f198e735fe61d32b961da67216f96f0","sha256":"1a0d94397022ccef8557d7c459cca9975496c73965368f2dd0fbf1529ef305a1","sha512":"396d3211832b4a31b7a0177ca203c072c944898c4327ccac819a59f7abb5cdc7bc42d580cb3fad8b6625e845c3461dd9245847df9352162ce0c51ce0a4001977","ssdeep":"","tlshash":"bfc04c002c4e340db0e38d7bb39b2813b44b6467158a40653395560d5ef292043b0e3e","first_seen":"2024-10-12T23:02:04.009096Z","last_seen":"2026-01-07T05:39:18.790817Z","times_seen":56,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/cdns/jq.js","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/cdns/jq.js HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/depart.php\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695b7033-47b27\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":293671,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text","md5":"1150e561f02aaa2a237a4f200face65d","sha1":"6afaec62e997d0a42356c71521ef0d157b506757","sha256":"9d02ee01919145c20b03ee9d3013af7118793dedf5d2c0696a773af90066c953","sha512":"9ceef080752858f60608dae2c86cdc1703d217e6cf0ce47e36fb4e632db031c5a4ae708d3ca05c144914f345c8375e145636b419d9df7fd126c9dc8b94e2fb99","ssdeep":"6144:VpkhNVlJ+TC1lFhTzeKpTcYmD2zK8U1Js3Px+WK+N7TFyygRWL/IaLgeNTIPfgy1:kjTcYmD4I4Px+WK+N7TFyjeTiPflAqqi","tlshash":"0554b4d9f78d112e423231aaad2e12cdb77cd171560458aefd4d497c24a083d83baf7a","first_seen":"2023-03-12T23:28:44Z","last_seen":"2026-06-08T19:22:18.879299Z","times_seen":1406,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"co928090.tw1.ru/res/Gotham-Light.woff2","fqdn":"co928090.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"87.249.38.179","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://co928090.tw1.ru/depart.php","date":"2026-01-06T14:25:36.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 15 Jan 2025 07:43:20 GMT","end":"Mon, 16 Feb 2026 07:43:19 GMT"},"fingerprint":{"sha1":"3B:17:7E:02:A9:75:7F:1C:3F:6E:02:20:9C:F3:D9:33:AF:59:66:F1","sha256":"EB:D4:07:78:89:12:45:D1:5C:3E:C7:7A:0D:57:0D:93:C0:04:2C:53:AF:41:C9:7D:81:07:55:AD:43:6C:3D:15"}}},"request":{"raw":"GET /res/Gotham-Light.woff2 HTTP/1.1\r\nHost: co928090.tw1.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://co928090.tw1.ru/res/fonts.css\r\nCookie: PHPSESSID=ec36ecc170771cd9dc298da013a31b6f\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Tue, 06 Jan 2026 14:25:36 GMT\r\ncontent-type: application/font-woff2\r\ncontent-length: 40280\r\nlast-modified: Mon, 05 Jan 2026 08:02:59 GMT\r\netag: \"695b7033-9d58\"\r\nexpires: Wed, 06 Jan 2027 14:25:36 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40280,"size_decoded":0,"mime_type":"application/font-woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40280, version 3.19726","md5":"7624ae091962735719fb82bf900c22b7","sha1":"393477ccdcd62b914d90dd379dd7d677d761e416","sha256":"e266d1f2bcf1da0faff6964637fdcd9a4e47c50a7a56be74424f409f30c83c5e","sha512":"bf8a412558c1bc5067673d31339f58e63bc6e161385938ada2894eff7f8b6569e7e7897578506633b75eecf869b7c0d68e2e4395efe6bfc1550cb5ef921acf29","ssdeep":"768:Fpqe5KnZDijwD15J5MOcMWEG8byqCb5RptAXmLbF9TnsglH6sCGYJ:FAeMA8jJ55cnZxtV7TskMGYJ","tlshash":"0e03f2ffe6796343cef468f28fe448c567d58200db436a46bb61eb18c97502d781c066","first_seen":"2023-05-11T22:53:36Z","last_seen":"2026-06-06T18:47:08.88637Z","times_seen":366,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"co928090.tw1.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}