{"report_id":"5409ade1-3eed-4a9c-baf7-5a91fb010c7c","version":6,"status":"done","tags":[],"date":"2025-03-25T21:02:03Z","url":{"schema":"http","addr":"185.246.84.66/download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":""},"ip":{"addr":"185.246.84.66","port":0,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"final":{"url":{"schema":"https","addr":"185.246.84.66/download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":""},"title":"Request failed"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-03T21:02:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"185.246.84.66","ip":{"addr":"185.246.84.66","port":80,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":4,"received_data":129136,"sent_data":2239,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-03-25T21:01:39Z","timestamp":1742936499,"ip_dst":{"addr":"172.18.0.26","port":56932,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.246.84.66","port":443,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-03-25T21:01:39.311121+0000\",\"flow_id\":1361719812417191,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.246.84.66\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":56932,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=iko-rmb.cpprx.info\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"3A:83:DD:4A:DF:7A:C8:D3:6C:77:D0:70:39:3D:FC:9A\",\"fingerprint\":\"ab:5b:9e:e8:b5:47:fe:7d:d9:ae:64:86:0a:3a:65:9d:46:7d:02:f8\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-03-14T00:00:00\",\"notafter\":\"2025-06-12T23:59:59\",\"ja3\":{\"hash\":\"3271cf62f45f551e79405f26e227ebda\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"6aea764ee67f71caf3dc723118906199\",\"string\":\"771,49200,65281-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1152,\"bytes_toclient\":4312,\"start\":\"2025-03-25T21:01:39.190119+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"185.246.84.66/download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":""},"ip":{"addr":"185.246.84.66","port":80,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"e41aff65681b047e75b179856793c01d","sha1":"d1cc3d3b77ad212678d36cc2ff4c98189b347660","sha256":"29eb3fb8642465af3ae358dcce10ca84a382ac46b58470f6c2f98a04ef2f18cc","sha512":"d89d8cdbc122774d0cf18d1493335f415cb407efe27078ec0bc6945c68f6e0f290b21bce238ddb3fb802e6811c4894bf1bce96c1fbae5b45bbaa0580e3513bac","ssdeep":"","tlshash":"8bf0e57f3229453e077bf11a434bf6697416001268e3ae723e6e0b243f84b494de2ad0","size":446,"data":"","first_seen":"2025-03-04T23:21:03.502519Z","last_seen":"2026-03-29T17:19:20.394274Z","times_seen":134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"185.246.84.66/download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":""},"ip":{"addr":"185.246.84.66","port":80,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-25T21:01:39.771Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv HTTP/1.1\r\nHost: 185.246.84.66\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":621,"data":"[{\"id\":\"2bdbde9c864f942bd79f055a49f3e2cb\",\"createdAt\":1742936472053,\"event\":\"pageview\",\"accountId\":\"f9f0c20b-eb07-4cc9-8df6-12978feebb30\",\"device\":\"aaf1b20f-489c-4783-b741-2f4f011f3c5b\",\"sessionId\":\"bfc5aae0-cd97-48d6-9299-21bc469716d3\",\"metadata\":{\"event_version\":\"3.0.2\",\"traffic_origin_params\":{},\"uri\":\"https://special.visionbreakthrough.com/?hop=kantitech\u0026hopId=eb324d78-fc13-4075-924a-ef6c32cfe3d1\u0026pid=vsl\",\"product\":\"vturb\",\"media_id\":\"66e0bea0b6fa8f000b460462\",\"player_id\":\"66f48097f22786000b3ff14c\",\"media_type\":\"video\",\"domain\":\"special.visionbreakthrough.com\",\"path\":\"/\",\"player_version\":\"1.34.21\"},\"data\":{}}]"}},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Tue, 25 Mar 2025 21:01:39 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://185.246.84.66/download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":9077,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":33,"dns":0,"connect":37,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"185.246.84.66/download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":""},"ip":{"addr":"185.246.84.66","port":443,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-25T21:01:39.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"iko-rmb.cpprx.info","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 14 Mar 2025 00:00:00 GMT","end":"Thu, 12 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"AB:5B:9E:E8:B5:47:FE:7D:D9:AE:64:86:0A:3A:65:9D:46:7D:02:F8","sha256":"C7:A2:5C:3F:ED:BB:EE:E1:4B:72:70:B7:7D:79:58:20:E5:A2:E2:C6:73:3A:CA:B6:21:0D:0E:1D:D2:7E:D8:1F"}}},"request":{"raw":"GET /download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv HTTP/1.1\r\nHost: 185.246.84.66\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ndate: Tue, 25 Mar 2025 21:01:39 GMT\r\ncontent-type: text/html\r\ncontent-length: 9077\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":null,"data":{"size":9077,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (9226), with no line terminators","md5":"85bfe6db8817165c90d6c9db372be678","sha1":"5ac373d0b883ece7ca824bce19f4db2735c73c50","sha256":"44ffc5b63d453f926cfef4fa6c33ed0f2fa107c4f2172126c01b2ae03000c613","sha512":"ca37b56e4f2ef225ed559f2dbff9c36f07ef5750a65f4ce28a2c835ac3d6948adf0ed62dc61870ef1b63fd4f50559b907606498f37ef29b024f1c1d1e35f9750","ssdeep":"96:lEpPt153C9lQNbUoYdvAifWJD3nZGP3qHbcR0Dl2pwh5/tj+J6kYvTxQ4x+ZXaRy:ly11WlL9yJ8PEkewE51aQkYv9FUXGy","tlshash":"81123c3ff89418ba52136f9503d3a2b4bd2e7a884673857a3f6c6353a38895184c56dc","first_seen":"2025-03-25T21:02:07.34275Z","last_seen":"2025-03-25T21:02:07.34275Z","times_seen":1,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"185.246.84.66/favicon.ico","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":""},"ip":{"addr":"185.246.84.66","port":443,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"","requested_by":"https://185.246.84.66/download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv","date":"2025-03-25T21:01:40.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"iko-rmb.cpprx.info","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 14 Mar 2025 00:00:00 GMT","end":"Thu, 12 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"AB:5B:9E:E8:B5:47:FE:7D:D9:AE:64:86:0A:3A:65:9D:46:7D:02:F8","sha256":"C7:A2:5C:3F:ED:BB:EE:E1:4B:72:70:B7:7D:79:58:20:E5:A2:E2:C6:73:3A:CA:B6:21:0D:0E:1D:D2:7E:D8:1F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 185.246.84.66\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://185.246.84.66/download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":785,"data":"event=1\u0026data=%7B%22localStorageSupported%22%3Atrue%2C%22queryString%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22websiteId%22%3A%2259b81a968dd041b205523493%22%2C%22templateId%22%3A%2255f0aac0e4b0f0a5b7e0b22e%22%2C%22website_locale%22%3A%22en-US%22%2C%22userAgent%22%3A%22Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0%29%20Gecko%2F20100101%20Firefox%2F134.0%22%2C%22clientDate%22%3A1742936469141%2C%22viewportInnerHeight%22%3A1024%2C%22viewportInnerWidth%22%3A1280%2C%22screenHeight%22%3A1024%2C%22screenWidth%22%3A1280%2C%22url%22%3A%22%2F%22%2C%22pagePermissionTypeValue%22%3A1%2C%22title%22%3A%22Home%22%2C%22collectionId%22%3A%2259bfe5b7f5e2319206e3f79b%22%7D\u0026ss_cvr=089a743d-970a-452d-b9e4-87fc7caa130a%7C1742936469141%7C1742936469141%7C1742936469141%7C1"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 25 Mar 2025 21:01:40 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 100919\r\nlast-modified: Fri, 01 Nov 2024 20:17:42 GMT\r\netag: \"67253766-18a37\"\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":100919,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel","md5":"dffd9354b07b4b6fb78ef061376e5fd5","sha1":"6f80c3fe9c1ad984eb9bf588a4ebf005255a0643","sha256":"74d7e2196ace54d5845d6f2d3022ee1eaa635a067ad5974f68bf2554630ebca4","sha512":"f73c4cd76fdf5365c07d3d3092eb51dc35dcab011f3664ec4ed2b424d1110d06b0ad89761542e7d97b78cbbf5f9613d2d16e2b39375d5ffb4a86f247c6ab0c41","ssdeep":"48:1+4YSihT4leOnnnnnnny3333333lnnna///zuu3AAWnezP7n/:SPTvOnnnnnnnannn0uuCnwj/","tlshash":"83a3b35fe11c9227d1a9fb71b911f2caa6392ff4d73616016ba7667e8fde8040e70108","first_seen":"2023-05-04T00:21:13Z","last_seen":"2026-03-29T17:19:20.393712Z","times_seen":206,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":175,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"185.246.84.66/download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":""},"ip":{"addr":"185.246.84.66","port":443,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-25T21:01:39.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"iko-rmb.cpprx.info","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 14 Mar 2025 00:00:00 GMT","end":"Thu, 12 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"AB:5B:9E:E8:B5:47:FE:7D:D9:AE:64:86:0A:3A:65:9D:46:7D:02:F8","sha256":"C7:A2:5C:3F:ED:BB:EE:E1:4B:72:70:B7:7D:79:58:20:E5:A2:E2:C6:73:3A:CA:B6:21:0D:0E:1D:D2:7E:D8:1F"}}},"request":{"raw":"GET /download/web/682c62fa-f9e9-4f3b-9882-782b2ded599b/NightofRevenge_1.07.7z?__cpo=aHR0cHM6Ly9zdG9yZTkuZ29maWxlLmlv HTTP/1.1\r\nHost: 185.246.84.66\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":6432,"data":"{\"query\":\"\\n  query MainContentQuery($brand: Brand!, $locales: [String!], $input: MainPageBlocksV1Input!) {\\n    main_page_blocks_v1(input: $input, brand: $brand) {\\n      blocks {\\n        __typename\\n\\n        ... on ContentlessBlock {\\n          type\\n        }\\n      \\n        ... on CityPOIsBlock {\\n          city {\\n            ...locationMainPageFields\\n          }\\n          pois {\\n            ...locationMainPageFields\\n          }\\n        }\\n\\n        ... on CityPOIBlock {\\n          city {\\n            ...locationMainPageFields\\n          }\\n          poi {\\n            ...locationMainPageFields\\n          }\\n        }\\n\\n        ... on POICompilationBlock {\\n          ark_id\\n          title \\n          cta_button_text\\n          is_country_title\\n          pois {\\n            location {\\n              ...locationMainPageFields\\n            }\\n            country {\\n              ...countriesFields\\n            }\\n            poi {\\n              ...locationMainPageFields\\n            }\\n          }\\n          subtitle_text\\n          footnote\\n          brand_settings {\\n            logo_url\\n            block_color {\\n              dark_theme\\n              light_theme\\n            }\\n          }\\n        }\\n\\n        ... on CityPOICollectionBlock {\\n          city {\\n            ...locationMainPageFields\\n          }\\n          pois {\\n            ...locationMainPageFields\\n          }\\n        }\\n\\n        ... on LocationsCompilationBlock {\\n          title\\n          tag\\n          locations {\\n            ...locationMainPageFields\\n          } \\n        }\\n\\n        ... on HotTicketsBlock {\\n          offers {\\n            price {\\n              ...priceWithDestinationCityIataFields\\n            }\\n            old_price {\\n              value\\n            }\\n            trip_type\\n          }\\n          cities {\\n            ...citiesFields\\n          }\\n          airlines {\\n            ...airlinesFields\\n          }\\n          airports {\\n            ...airportsFields\\n          }\\n        }\\n\\n        ... on PromoKorocheBlock {\\n          guide {\\n            ark_id\\n            city_iata\\n            title \\n            image_url\\n            depart_date\\n            badge {\\n              text\\n              style {\\n                background_color\\n                text_color\\n                is_promo\\n              }\\n              icon {\\n                svg\\n                pdf\\n              }\\n            }\\n          }\\n        }\\n\\n        ... on WeekendsBlock {\\n          weekend_prices {\\n            price {\\n              depart_date\\n              return_date\\n              value\\n              ticket_link\\n              currency\\n              origin_city_iata\\n              destination_city_iata\\n            }\\n          }\\n          places {\\n            cities {\\n              image_url\\n              ...citiesFields\\n            }\\n            airports {\\n              ...airportsFields\\n            }\\n          }\\n        }\\n        \\n        ... on CityVideoBlock {\\n          image_url\\n          video_url\\n          video_id\\n          text\\n          action_type\\n          city_info {\\n            ...citiesFields\\n            city {\\n              ark_id\\n            }\\n          }\\n          min_price {\\n            value\\n            currency\\n          }\\n        }\\n\\n      ... on BlogLinkBlock {\\n        title\\n        description\\n        button_text\\n        url\\n      }  \\n\\n        ... on PopularDestinationsBlock {\\n          origin_city {\\n            iata\\n            translations(filters: {locales: $locales})\\n          }\\n          directions {\\n            country_iata\\n            image_url\\n            min_price {\\n              value\\n              currency\\n            }\\n          }\\n          places {\\n            countries {\\n              ...countriesFields\\n            }\\n          }\\n        }\\n      }\\n    }\\n  }\\n\\n  \\nfragment locationMainPageFields on LocationMainPageV2 {\\n  main_tag(filters: {locales: $locales})\\n  min_price {\\n    value\\n    currency\\n  }\\n  entity {\\n    iata\\n    name(filters: {locales: $locales})\\n    type\\n    ark_id\\n    slug\\n  }\\n  content {\\n    __typename\\n    ... on POIContent {\\n      ark_id\\n      poi_id\\n      tabs_entities {\\n        id\\n      }\\n      description(filters: {locales: $locales})\\n      images {\\n        image_url\\n      }\\n      start_date\\n      end_date\\n    }\\n    ... on CityContent {\\n      ark_id\\n      images_urls\\n    }\\n    ... on IslandContent {\\n      ark_id\\n      images_urls\\n    }\\n    ... on RegionContent {\\n      ark_id\\n      images_urls\\n    }\\n    ... on CountryContent {\\n      ark_id\\n      images_urls\\n    }\\n  }\\n}\\n  \\nfragment priceFields on Price {\\n  depart_date\\n  return_date\\n  value\\n  cashback\\n  found_at\\n  signature\\n  ticket_link\\n  currency\\n  provider\\n  with_baggage\\n  segments {\\n    transfers {\\n      duration_seconds\\n      country_code\\n      visa_required\\n      night_transfer\\n      at\\n      to\\n      tags\\n    }\\n    flight_legs {\\n      origin\\n      destination\\n      local_depart_date\\n      local_depart_time\\n      local_arrival_date\\n      local_arrival_time\\n      flight_number\\n      operating_carrier\\n      aircraft_code\\n      technical_stops\\n      equipment_type\\n      duration_seconds\\n    }\\n  }\\n}\\n\\n  \\nfragment priceWithDestinationCityIataFields on Price {\\n  ...priceFields\\n  destination_city_iata\\n}\\n  \\nfragment airlinesFields on Airline {\\n  iata\\n  translations(filters: {locales: $locales})\\n}\\n  \\nfragment citiesFields on CityInfo {\\n  city {\\n    iata\\n    translations(filters: {locales: $locales})\\n  }\\n}\\n  \\nfragment airportsFields on Airport {\\n  iata\\n  translations(filters: {locales: $locales})\\n  city {\\n    iata\\n    translations(filters: {locales: $locales})\\n  }\\n}\\n  \\nfragment countriesFields on Country {\\n  iata\\n  translations(filters: {locales: $locales})\\n}\\n\",\"variables\":{\"brand\":\"AS\",\"locales\":[\"ru\"],\"input\":{\"auid\":\"SXI3RGfjGaJIM1BKZVM4Ag==\",\"market\":\"ru\",\"origin\":\"OSL\",\"origin_type\":\"CITY\",\"currency\":\"rub\",\"trip_class\":\"Y\",\"passport_country\":\"RU\",\"language\":\"ru\",\"application\":\"selene\",\"poi_compilation_limit\":50,\"countries_limit\":30,\"weekends_params\":{\"dates\":{},\"add_extra_days\":false},\"features\":{\"weekends\":true,\"city_video\":\"\"},\"hot_tickets_params\":{\"trip_type\":\"OW\"}}},\"operation_name\":\"main_page_blocks_v1\"}"}},"response":{"raw":"HTTP/2 400 Bad Request\r\ndate: Tue, 25 Mar 2025 21:01:39 GMT\r\ncontent-type: text/html\r\ncontent-length: 9077\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":null,"data":{"size":9077,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (9226), with no line terminators","md5":"85bfe6db8817165c90d6c9db372be678","sha1":"5ac373d0b883ece7ca824bce19f4db2735c73c50","sha256":"44ffc5b63d453f926cfef4fa6c33ed0f2fa107c4f2172126c01b2ae03000c613","sha512":"ca37b56e4f2ef225ed559f2dbff9c36f07ef5750a65f4ce28a2c835ac3d6948adf0ed62dc61870ef1b63fd4f50559b907606498f37ef29b024f1c1d1e35f9750","ssdeep":"96:lEpPt153C9lQNbUoYdvAifWJD3nZGP3qHbcR0Dl2pwh5/tj+J6kYvTxQ4x+ZXaRy:ly11WlL9yJ8PEkewE51aQkYv9FUXGy","tlshash":"81123c3ff89418ba52136f9503d3a2b4bd2e7a884673857a3f6c6353a38895184c56dc","first_seen":"2025-03-25T21:02:07.34275Z","last_seen":"2025-03-25T21:02:07.34275Z","times_seen":1,"resource_available":false,"data":null}},"time_used":789,"timings":{"blocked":376,"dns":0,"connect":34,"send":0,"wait":37,"receive":0,"ssl":330},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}