{"report_id":"4e4661d3-3fcd-430e-8752-b62b3f138edc","version":6,"status":"done","tags":[],"date":"2025-10-07T13:06:11Z","url":{"schema":"http","addr":"duw.chachoutru.ru/kubIVjOkufDnOfK@h/$walnutcove.executivedir@slurpmail.net","fqdn":"duw.chachoutru.ru","domain":"chachoutru.ru","tld":"ru"},"ip":{"addr":"104.21.93.65","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"duw.chachoutru.ru/kubIVjOkufDnOfK@h/$walnutcove.executivedir@slurpmail.net","fqdn":"duw.chachoutru.ru","domain":"chachoutru.ru","tld":"ru"},"title":"​"},"submit":{"url":{"schema":"http","addr":"duw.chachoutru.ru/kubIVjOkufDnOfK@h/$walnutcove.executivedir@slurpmail.net","fqdn":"duw.chachoutru.ru","domain":"chachoutru.ru","tld":"ru"},"ip":{"addr":"104.21.93.65","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-11T13:06:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"duw.chachoutru.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"duw.chachoutru.ru","ip":{"addr":"172.67.206.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-14","domain_rank":0,"first_seen":"2025-09-30T23:08:00.693098Z","last_seen":"2025-09-30T23:08:00.693098Z","alert_count":2,"request_count":2,"received_data":16587,"sent_data":1762,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"duw.chachoutru.ru/kubIVjOkufDnOfK@h/$walnutcove.executivedir@slurpmail.net","fqdn":"duw.chachoutru.ru","domain":"chachoutru.ru","tld":"ru"},"ip":{"addr":"172.67.206.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0c650099467c52c2cd7f896b7afffb88","sha1":"05f5a6bb5dd13074c7ccf11c1e9a2be9ac3d96c4","sha256":"20b926312d11205246f0f51364694b4ec755537133528ac9eb5d1644320da2be","sha512":"7749dfc5075343fc240007d7aa22bdd6b75daae158bfe3e3e07c5b46d9bf5114eb9a812b4a72c16b95d63587dd2ebb8cfd0a658962bc2ea62a534646cce6294e","ssdeep":"","tlshash":"d501afbb715b1a350fe689b6f6d1729c7d2549002a414ce74cedd416025cdc0c1ff2c4","size":840,"data":"","first_seen":"2025-10-07T13:06:11.820649Z","last_seen":"2025-10-07T14:01:33.894741Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"duw.chachoutru.ru/kubIVjOkufDnOfK@h/$walnutcove.executivedir@slurpmail.net","fqdn":"duw.chachoutru.ru","domain":"chachoutru.ru","tld":"ru"},"ip":{"addr":"172.67.206.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-07T13:05:45.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"chachoutru.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 14:29:26 GMT","end":"Sun, 14 Dec 2025 15:26:39 GMT"},"fingerprint":{"sha1":"BF:39:CD:95:24:17:7E:CC:43:86:7A:F1:33:C3:82:D0:1A:8E:4D:4D","sha256":"84:94:44:4D:00:37:B2:4B:4C:B5:6B:08:A8:4F:FC:6A:79:B7:17:E8:73:0E:EE:59:F6:B5:32:03:3B:86:8B:8C"}}},"request":{"raw":"GET /kubIVjOkufDnOfK@h/$walnutcove.executivedir@slurpmail.net HTTP/1.1\r\nHost: duw.chachoutru.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Oct 2025 13:05:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UdDiEDWQMFbRimoWXGVhATWTJ4P8QQ1mGUjVDBWkE%2BcsvfHXogi%2FLKuQm5pxhK1rMApXcIS0qP%2BU3WQIpbpQSi2MZ8VW5h0aS3uh7Ok5qD8%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6ImNLakZaQjcxU3NRaXRWaUt4OStscVE9PSIsInZhbHVlIjoiaXk5Z1NKUXMycnVBUXlqWExMTEdlMU5oako5TFVtSm9ndjIrQWN1aWVPZTRoSUxxWEt3QmNNMUtQaGlRQjJ5aXVxR29xRTNhbHg5NGVqb1FaVVJTekNQSnVpNC9XNkUrekVIRjE0aTh2ZTBqbDlBU3FqN1l0dzJRRkV1WVhDMXQiLCJtYWMiOiI1YWFkNGY0MWE4YmQwODJlOGRjMWY3Mjc5NzVkNGVlZjJhZWM5NzNiMTcyMmE3ZDliNzMxYmI1YTA0ZWUxMTI0IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 07 Oct 2025 15:05:46 GMT\nlaravel_session=eyJpdiI6IlhaRzFyejdScHFRZEV4bVJ4L3FKZHc9PSIsInZhbHVlIjoiNWZxMGVVNHJoVDJDTHVyemRMVDNIN2hsYUNqVFRxUWlSL2F0R0JXVUVUd2ZCM2Z3WWR0QjZpNndHdnJJZXc0Wm0ydXR0YWtrVXlQSUJVOXBXdUNuK3I2Qy9obFczcXNEZjUwckZEL0hvMjl3dTFuTnBaMnp3ZmpCUDdFMlpueUIiLCJtYWMiOiJjMGJmZTkxYjY0MWYzNGU4ZDI4OTcyODU0ZTU4MTNjMzliZjBhNmM2ZDZjM2QxZTM0MTdlMTNhMTFhNjhmMjg4IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 07 Oct 2025 15:05:46 GMT\r\ncf-ray: 98ad9ca68f2cb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5221,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5209), with no line terminators","md5":"6bb8201d5f5c3dd917cc610bcf2ba3ae","sha1":"d51ec3bfc513bf2c200914e80559e8b87396b8fc","sha256":"b44a197a1c2de57f99634890948733bc2737e5700754ec81ba539ac424233b41","sha512":"7ee527c242729ead44a6a9c6b918821e3afa76addccc2ceafb911d7e50ebeb39918eb4617912f0e5e1204d88650e6e3dae9f8e0a75be24aa7affea364a136d0f","ssdeep":"96:isy20xk6JeWLLKBM4vj7inzV/4Bae4xzM:iN20xkyeeLKBM4vj7EV/4B14xY","tlshash":"ddb185762111203979e3c2a07fd0978f7168c502e7139abe5ee5a569c2cedd5c8fb2c4","first_seen":"2025-10-07T13:06:11.813589Z","last_seen":"2025-10-07T13:06:11.813589Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1195,"timings":{"blocked":207,"dns":27,"connect":1,"send":0,"wait":780,"receive":0,"ssl":177},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"duw.chachoutru.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"duw.chachoutru.ru/favicon.ico","fqdn":"duw.chachoutru.ru","domain":"chachoutru.ru","tld":"ru"},"ip":{"addr":"172.67.206.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://duw.chachoutru.ru/kubIVjOkufDnOfK@h/$walnutcove.executivedir@slurpmail.net","date":"2025-10-07T13:05:47.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"chachoutru.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 14:29:26 GMT","end":"Sun, 14 Dec 2025 15:26:39 GMT"},"fingerprint":{"sha1":"BF:39:CD:95:24:17:7E:CC:43:86:7A:F1:33:C3:82:D0:1A:8E:4D:4D","sha256":"84:94:44:4D:00:37:B2:4B:4C:B5:6B:08:A8:4F:FC:6A:79:B7:17:E8:73:0E:EE:59:F6:B5:32:03:3B:86:8B:8C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: duw.chachoutru.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://duw.chachoutru.ru/kubIVjOkufDnOfK@h/$walnutcove.executivedir@slurpmail.net\r\nCookie: XSRF-TOKEN=eyJpdiI6ImNLakZaQjcxU3NRaXRWaUt4OStscVE9PSIsInZhbHVlIjoiaXk5Z1NKUXMycnVBUXlqWExMTEdlMU5oako5TFVtSm9ndjIrQWN1aWVPZTRoSUxxWEt3QmNNMUtQaGlRQjJ5aXVxR29xRTNhbHg5NGVqb1FaVVJTekNQSnVpNC9XNkUrekVIRjE0aTh2ZTBqbDlBU3FqN1l0dzJRRkV1WVhDMXQiLCJtYWMiOiI1YWFkNGY0MWE4YmQwODJlOGRjMWY3Mjc5NzVkNGVlZjJhZWM5NzNiMTcyMmE3ZDliNzMxYmI1YTA0ZWUxMTI0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhaRzFyejdScHFRZEV4bVJ4L3FKZHc9PSIsInZhbHVlIjoiNWZxMGVVNHJoVDJDTHVyemRMVDNIN2hsYUNqVFRxUWlSL2F0R0JXVUVUd2ZCM2Z3WWR0QjZpNndHdnJJZXc0Wm0ydXR0YWtrVXlQSUJVOXBXdUNuK3I2Qy9obFczcXNEZjUwckZEL0hvMjl3dTFuTnBaMnp3ZmpCUDdFMlpueUIiLCJtYWMiOiJjMGJmZTkxYjY0MWYzNGU4ZDI4OTcyODU0ZTU4MTNjMzliZjBhNmM2ZDZjM2QxZTM0MTdlMTNhMTFhNjhmMjg4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 07 Oct 2025 13:05:47 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ChA2BWyslFDdW%2BGRI9stgT%2F1%2FIxgSb%2FmLBPl8pZwdciVT7LpSuDJv6G7%2BQNy2IPZohfamYXG87247VjNpvRkT7qLRtHm1ouVIwOrkUQ%2FXz4%3D\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6InhPclh2NG1qNzVidXhQb0gyZU94SEE9PSIsInZhbHVlIjoiSzJZcG43a2h4MmxTRHpCcGRGTFVWRXZyVWw3UUpKdjk4d0pFZWhmd0s3QnM0ZjFsQkhmWWFLd2U2bG0rcHJKRXVMbWltMW1aL2xiS2xJL0VldmpvTE1QTkdoWlFDeFhRUEQraDVWbFc4R1BqcHdsSzBod2ZmRHhiTFREY29xN1giLCJtYWMiOiJjNzA5YWM5MWFmODg0ZTk5NjI0ZjA1YTVjMjBhZjJlMTdlYjEyYjk4MzRmNTJlNDlkOGZkNzdiMDhkMDVkN2M3IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 07 Oct 2025 15:05:47 GMT\nlaravel_session=eyJpdiI6Im9GcXJSQjFiQ0JMa2szVXBNWUtaS2c9PSIsInZhbHVlIjoiczhJYjVnaUQ5bEV1RkhDVjArRTR6ZXVkOEVkUHNyR2NxQkhXakpSenRUYXdUU2ZnN0NSVHZSRE43N1c2bnVlelQ5YzhRUFdJdDljdkFiTDUvUHdiaFVEUnZYSzI0ZUY4ODI1U3p5ajJiRUVrcDZTU2R4ZnhXeHVUZVd4VFpkcVEiLCJtYWMiOiIzNjBkNzcyNzc0NDgzNGUwYmE0MjE0MDMxNThhNmVjZjdkNzNkNmE4ZTg1M2NjNjk2ZTgwYzdhOTFjNDliMjc4IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 07 Oct 2025 15:05:47 GMT\r\ncf-ray: 98ad9cacbad856c4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8377,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (317)","md5":"a9c530e2c5a14b9a586ee9419a9d40aa","sha1":"a2496e730ab3a4202ead3e5d36daeb1dc6100ca6","sha256":"89b7bcfe4a3df577e9b269fc601361a40a3f6f04463e548ed0f337fe159cbad9","sha512":"621f6baeb80b5cadcf043207d99de6cec65de78fb089d6f3bf34547f6fc7e92efa4a9e35c1e2854ccf155b9f6f6773a561c1654bea38e005ad663cb8931732d8","ssdeep":"96:uaTh/yOBJjRN3KJ2PO4u3Bnr94xccYp6UNNfvPlYf+lc2:uaThqOBJjzI2P0pcoUfA","tlshash":"a602526112f224bb10ab89e3b5611f72ace1c107ca6bc10571bd42a63feac42adc331d","first_seen":"2025-09-22T02:30:39.560105Z","last_seen":"2025-10-14T15:18:58.000163Z","times_seen":693,"resource_available":false,"data":null}},"time_used":740,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":740,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"duw.chachoutru.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}