{"report_id":"58b49680-aad2-415d-b072-53375b5179fc","version":6,"status":"done","tags":[],"date":"2025-10-15T12:02:10Z","url":{"schema":"http","addr":"obmenvsem.org/info.php?id=5053348","fqdn":"obmenvsem.org","domain":"obmenvsem.org","tld":"org"},"ip":{"addr":"82.192.80.133","port":0,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"ru.obmenvsem.cc/info.php?id=5053348","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"title":"Ошибка 404 - Файл не найден."},"submit":{"url":{"schema":"http","addr":"obmenvsem.org/info.php?id=5053348","fqdn":"obmenvsem.org","domain":"obmenvsem.org","tld":"org"},"ip":{"addr":"82.192.80.133","port":0,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-19T12:02:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ru.obmenvsem.cc","ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-11-01","domain_rank":0,"first_seen":"2024-11-09T19:54:56.280918Z","last_seen":"2025-10-14T15:38:23.629291Z","alert_count":0,"request_count":12,"received_data":1058613,"sent_data":6189,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tuhesok.com","ip":{"addr":"88.208.46.40","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-07-31","domain_rank":758811,"first_seen":"2024-08-14T15:26:51Z","last_seen":"2025-10-14T15:38:23.631002Z","alert_count":0,"request_count":1,"received_data":44036,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.pncloudfl.com","ip":{"addr":"104.20.30.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-04-20","domain_rank":95245,"first_seen":"2021-06-07T14:28:03Z","last_seen":"2025-10-13T20:35:13.360267Z","alert_count":0,"request_count":3,"received_data":513444,"sent_data":1458,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"kuolkoola.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-03-20","domain_rank":47044,"first_seen":"2025-05-08T22:43:24.287422Z","last_seen":"2025-10-09T00:15:08.808386Z","alert_count":0,"request_count":2,"received_data":5597,"sent_data":1053,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"rkgwzfwjgk.com","ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2023-03-06","domain_rank":637113,"first_seen":"2023-03-06T09:55:17Z","last_seen":"2025-10-14T15:38:23.807593Z","alert_count":4,"request_count":4,"received_data":195247,"sent_data":3944,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"obmenvsem.org","ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2019-04-02","domain_rank":408132,"first_seen":"2019-04-04T17:17:42Z","last_seen":"2025-10-10T20:41:55.378467Z","alert_count":0,"request_count":1,"received_data":35717,"sent_data":501,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ru.obmenvsem.cc/info.php?id=5053348","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":80,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"3c73bb66baefd0ef297e04a7a1cc8723","sha1":"5534fd27be3741b17ca991213d160cf72ce8964a","sha256":"c6f5c3673fe8c3597f7e433fa278373e5086ab99523bb753276e6749ecd4686a","sha512":"9a8e5c95b1476cc51266240cb9ea13c6e70cbf32bcaaec635ab3edbd614f931af437114eb7e604540b3fe01939611a9105c2c14dfdf2fe7152e0f7a9b6d0dd1d","ssdeep":"","tlshash":"5f21239759525eb0eafbf07a643fc7de38f04a15d9118105eb9d4c58c6a8e9f3051058","size":1139,"data":"","first_seen":"2025-10-15T12:02:14.389432Z","last_seen":"2025-10-15T12:02:14.389432Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/static/new/js/main.js","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"8d257a979132a6cd272e6072a81747d1","sha1":"655d47cababf48fe99e0a149602c9d5f1b0d105e","sha256":"fa485a2a4611dfcd82c2ca21eec1a78d3a1ab492862d6e56bc0526865337fcd4","sha512":"010fedbeadbd89e8e48d1021f63deab783b4581759597f9560341abe57a46876da6c82d4cdbb980e5f8d8eb995d97579c9b1618d2cc1e46114a94ed32025796a","ssdeep":"12288:rSB7qB7WKK4aIiuyW+aux8HNhvu/m2mVrd7y:rSB7qB7mIiusx8HN8/m2mRd7y","tlshash":"78d42ac87281742247d7b0b5502f520ab23a9969580dc16cf62df9d52fb8e4de23bf78","size":624805,"data":"","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.892415Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/info.php?id=5053348","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":80,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"804e9c6457e79cb0eef26f4e6016e591","sha1":"57de8d7f8a3befb312e6f01b250772c2f9bd88f9","sha256":"d091d31dbb0755845f1b5e4bad22049f0c4a7b0f45b9395f4821fa5aa64e4174","sha512":"48e3f690c19ecd4f4bebac595b1734933d65d52df1a0a76bc7b1c8385dd91e3f1a2c6354a31c75595b35efa2772850e32bce3b81d2de048634ede17a45e70dfc","ssdeep":"","tlshash":"660178be481711305bb720c9222fb381640e50674c6ef860bacccd006f6de1b8921dd8","size":791,"data":"","first_seen":"2024-12-01T13:23:16.736837Z","last_seen":"2026-04-03T15:41:56.891738Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuhesok.com/58854.js","fqdn":"tuhesok.com","domain":"tuhesok.com","tld":"com"},"ip":{"addr":"88.208.46.40","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"cce286a76c98655126ff55a5d756c2b9","sha1":"99eca2b5d02d57a7f6450cbdf902687ba16826d8","sha256":"9f3ad4589604825d80a022d66034f12bb86487f9215ecddc1f14499c7878f362","sha512":"2cadbc7194d6c75db3d962d25886f6c7aa1bdb8ba2ba7f8f9b23f8731862186dea096c7f3cb823f57c2d7fc10c302902d3ca2600642924039847e608deb53add","ssdeep":"768:jCEb5lCr9FbMv1gEEGZ2iPJT4VH4qiWDHV/8wUz:/AqJs14SDHV/8zz","tlshash":"20132c9932927025726ea9e1537f270af37e691748b55c00c603f8803a24edef227f9d","size":43506,"data":"","first_seen":"2025-09-06T15:06:29.605554Z","last_seen":"2025-12-03T12:51:21.521007Z","times_seen":212,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/i/npage/1861886/code.js","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c53eb400c897c060bd4f96f8a8fcc36","sha1":"a53c96f2c9429cc78f14dc3aafba305d45f4cf97","sha256":"2a844f7ed33ae87cff439f6d353bfd7a5e22a97e8f022c35343fb0df585919d5","sha512":"4aee8b88ac7955816dfd1cfd20a53a7ad007dfd8cbd3f94cb12c60e57149f017ddb10198d1ee96d8ed0e79cb1263bb0e814ad521484b23fed5efb7047a8c7170","ssdeep":"1536:7hYqivfi5G1V14QHAaySytJCSQGJtbw5qx7cO7gixRk/hqJd6b7Yj9FvZmDMNVR7:7hYpy8upTb8KtbIHOOEP9hAKri2k4dVB","tlshash":"8304824c2ac1ef3582068139dfebf69ee7b558d6ae4de044cc22c1b914666c78323e75","size":182771,"data":"","first_seen":"2025-10-14T15:38:28.127308Z","last_seen":"2025-10-15T22:54:35.651051Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/get/1861886?zoneid=1861886\u0026jp=_clvwfbhzzcomwhidiuemtm\u0026dr=102\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.612\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=7qwrn0aaHR0cHM6Ly9ydS5vYm1lbnZzZW0uY2MvaW5mby5waHA%2FaWQ9NTA1MzM0OA\u0026afid=7996677422883328\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026dto=2\u0026pload=728\u0026rlp=%5B0%2C42%2C46%2C25%2C627%2C1066%2C614%2C1020%2C0%5D\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0\u0026freq=0","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2a783ed2062c6f06dc64d9fcf4991a0","sha1":"acc9346ec5bf37041bbb86477b7892279812319b","sha256":"1d914d8268e1c6b591de56b956a4e85b381c25fd7c4af05fe3aa50d973c26b69","sha512":"bfdd834c59bbd07b3f484286377c8c1e645ffb708323ce34171cf4b37901f5b0fdb0033dfc10e70374620dc0ca6829c5733fac8ef8d4f73ffa6ce59d95e3a487","ssdeep":"96:OZEbVllkEzUavz+ks9h8Bi8jqkgtvxIWqG1Ik4fK+TVUez8nkS2OVAHpg87+x/zL:9l7Zz28k6GxDIxzTOVAC8KdskREK","tlshash":"f5f16c45e847cc9cac80964b2f31fd16f8c14c74aa213778cb71dab1678167a2a16ef2","size":7789,"data":"","first_seen":"2025-10-15T12:02:14.383184Z","last_seen":"2025-10-15T12:02:14.383184Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/info.php?id=5053348","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":80,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"66289c448b06f4e98dbfc72bdd14b48c","sha1":"23bf4efce3b24c35a4e9d794e9bdeec20cc34ebd","sha256":"85fd3462920a62fe3dcd3b040eb235945fe1e4289b867a6d248bd075664d149b","sha512":"989b97cc10346d63b48d32d06c755b0abb5ecb368ecfbca1d9eda9245b62bd20580f7a00103cff32779f89673488b5ec4f17cc69f664e1d8642be78be5d3736e","ssdeep":"","tlshash":"d201f9af2cf250304563b0b89aafe50830635003580aac097cccc0848f94bad0b3abec","size":819,"data":"","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.896349Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdn.pncloudfl.com/pn/8d7/728/3a8/8d77283a87040eaf49ba672b6b7acf3c01956ea6.jpg","fqdn":"cdn.pncloudfl.com","domain":"pncloudfl.com","tld":"com"},"ip":{"addr":"104.20.30.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.pncloudfl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 12 Oct 2025 11:22:47 GMT","end":"Sat, 10 Jan 2026 12:22:44 GMT"},"fingerprint":{"sha1":"5F:F3:87:DA:78:FE:FC:D5:F7:1B:E2:6F:99:A9:F5:88:06:1F:6D:0C","sha256":"9E:1C:41:AF:6B:2C:22:66:DB:77:8A:92:75:A0:FC:E8:37:90:0A:A6:EA:FB:D6:6D:72:71:80:40:DD:CE:20:36"}}},"request":{"raw":"GET /pn/8d7/728/3a8/8d77283a87040eaf49ba672b6b7acf3c01956ea6.jpg HTTP/1.1\r\nHost: cdn.pncloudfl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 12:01:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 4651\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncache-control: max-age=432000\r\ncf-bgj: imgq:100,h2pri\r\naccept-ranges: bytes\r\ncf-polished: origSize=5960\r\naccess-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization\r\naccess-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp\r\netag: 69a7989368f7957ac54307b7e9a559ca\r\nexpires: Thu, 16 Oct 2025 01:42:19 GMT\r\nlast-modified: Thu, 17 Apr 2025 13:13:19 GMT\r\nx-cdn-host-id: ds5951,ds5833\r\nx-openstack-request-id: tx0f0f8ad658ad45139ef5d-006800fea0\r\nx-proxy-cache: HIT\r\nx-timestamp: 1744895598.46967\r\nx-trans-id: tx0f0f8ad658ad45139ef5d-006800fea0\r\ncf-cache-status: HIT\r\nage: 123570\r\ncf-ray: 98ef29f9cd590b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4651,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 192x192, components 3","md5":"7657cad16249b7313c8a789216fbc2ae","sha1":"b0b9d559ce187c10605c0f89cfda4ad82e70317a","sha256":"323b03fb6e9692c5e4849c80fd2f677cd7c8edf5f1dc284b5f63335c9730d447","sha512":"7dfa269d296bae2be111282dee7b85e20ddcb263910a0fd1890e4dffa8180af9aa9fb873ac4da01546831fd0d76baa177dc53418336a3c62747d01bec563c95d","ssdeep":"96:cQ0Hd1zpY2JzcM+V+TjWImNpRPrQhAPtZATy20xoCcvt:nSd2MN/cQt22bF","tlshash":"cda118620254a3b1e98e55f4ca8847c46620dbcd84b0eb8f5e6e1738ef157830e8d1f7","first_seen":"2025-05-30T14:19:29.56472Z","last_seen":"2025-12-03T17:47:58.63085Z","times_seen":171,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":92,"dns":66,"connect":1,"send":0,"wait":8,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kuolkoola.com/52137","fqdn":"kuolkoola.com","domain":"kuolkoola.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:49.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kuolkoola.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 07:07:39 GMT","end":"Sat, 13 Dec 2025 07:36:50 GMT"},"fingerprint":{"sha1":"5D:4E:87:DA:02:9F:04:8D:C2:0E:E1:F5:70:70:3D:9D:1E:33:4D:9E","sha256":"22:A6:32:7D:E5:0D:0F:A4:D8:0A:5B:A7:28:71:0E:64:D0:EF:A4:C9:5E:F5:D3:C6:06:E8:07:A2:95:68:0F:8E"}}},"request":{"raw":"POST /52137 HTTP/1.1\r\nHost: kuolkoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru.obmenvsem.cc/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 139\r\nOrigin: https://ru.obmenvsem.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 12:01:49 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://ru.obmenvsem.cc\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-request-id: 79d1d64e0734d984320b3323c61200c3\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nx-ng-name: front7\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QxL6iTo396AFHpXx%2B2i5sijT%2BvzQKa9lnUtO1M%2FwO6Yq%2FTZOugjDCS3TQLGxkrv8GY1kMoY2aB%2BONSrPIL7X2wSwUqDP74rSR%2F%2B2zMA%3D\"}]}\r\nset-cookie: userid=479cb5fa-3f76-4dbd-bc6d-cf01814cc925; SameSite=None; Secure; Path=/; Expires=Tue, 15 Oct 2030 12:01:49 GMT\r\ncf-ray: 98ef29fe4f60a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3254,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"82398017c1703b5ddacbcebf45f79595","sha1":"39f7321e4c51ceec14d7f23dde7537bc7772be86","sha256":"5ace912d566e42c619ec0c56fd78e6b7532857665cd5616ea8c915e2f7b10a7f","sha512":"d9682f1368119730007a36924bcc7afc6aaf45986e83529c32522f8bc1c86741d5dfc05bd74fefeb245fe05cad1ee47e9bad0310ebf46c77782d85f26da1bc03","ssdeep":"","tlshash":"776175cb26f9822f81c53cdad7725c7d70268d98df4a439aefd6a41bd81b1344b09388","first_seen":"2025-10-15T12:02:14.299514Z","last_seen":"2025-10-15T12:02:14.299514Z","times_seen":1,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":83,"dns":34,"connect":1,"send":0,"wait":45,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kuolkoola.com/event/set","fqdn":"kuolkoola.com","domain":"kuolkoola.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:49.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kuolkoola.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 07:07:39 GMT","end":"Sat, 13 Dec 2025 07:36:50 GMT"},"fingerprint":{"sha1":"5D:4E:87:DA:02:9F:04:8D:C2:0E:E1:F5:70:70:3D:9D:1E:33:4D:9E","sha256":"22:A6:32:7D:E5:0D:0F:A4:D8:0A:5B:A7:28:71:0E:64:D0:EF:A4:C9:5E:F5:D3:C6:06:E8:07:A2:95:68:0F:8E"}}},"request":{"raw":"POST /event/set HTTP/1.1\r\nHost: kuolkoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru.obmenvsem.cc/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 145\r\nOrigin: https://ru.obmenvsem.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: userid=479cb5fa-3f76-4dbd-bc6d-cf01814cc925\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 12:01:49 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://ru.obmenvsem.cc\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST\r\naccess-control-allow-headers: Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d4Ik00UwtegiX9ZeAIOOuDYyIceCYSztGXQg3WaWAY9%2FcV7vGJ3jhRsw%2Be9eczZZC4qW2C243RwV6ZWbgM%2BTVkvesYYdH9H2dFx7FWY%3D\"}]}\r\nvary: Accept-Encoding\r\nx-request-id: 5579d6fcfc8c3c0c005ee603c00f1617\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nx-ng-name: front7\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98ef29feb842a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/chicken.gif?z=1861886\u0026pb=9ae5fe10bc651bac552a19844a4cabc01760536908\u0026pbc=vWmLo1UxYmlMqe9o\u0026pbi=gbG-WFS6eMRMqe9o\u0026pbu=j4ECVtCQmuZMqe9o\u0026psp=axvq37gerJV-rCmhekkvvpwwCgjyzgo4I_uYvht8jFU-YGxDHWnQiYfv9jTeN6972ajLZRWOhmPvSRnN6xrtjwcphh4shb2HjoNLSAuzgxEaJFbvrmseXzwwwDdBtj8npIRWRAIA36g3u8MK8kxRFGDfd7ElKMZR8bByrZ9JXbSD6x39EUL_arSCBXT6bu5RcYwvIz5htvRDr5SWHuVThDuzVQMlR7DfxuGNhRFltTCBspsROyzu1V5y3FZSHRkQGrX5nDNWJVbM2iq8-DJ6WMdPkhC1_G_a8Bs43aN7BscgQ7uK6136s93P27eUIUJ3oCQH84vYy25Dko1UjDzQIclPow54_IZyMYWgZo__Hv8zNUbvSD0rWGGgId0Hi9nJfEAurMD1hybr3lw-StQECyBGPTmPnZ3-t7-Ns0Gd80c7IPVqLr3uFou8eXbRntHnaO1ac60oX5JGcFoY2-q-45ouyN_D8F0Z8h5ctf6SrepOn6j_5ryeM7mwuZn-0gkBkETuhaDOQu-doCJxOF4yt40rtx_Y4gdyiet_c_FXWuGJ4vmPyhBaYBov3wfXtQuB0e-r_-i-cvOXQem52L-Ev4H9rZL0tg0YqkGfvR3YY8eJxJpnGEDpueUMvRxTD-nSX1gGYuBBybbMBtK0wv12R9jnsxUu-Ean_NT-thjpq7ug1kdOz4HxwcIEZHUdkmuMsShVCMeL-DN2tZYTNCKADI7SpFLTCvcK8CHg5__3v9EWsdJs04AakrxPBrueQ-V-su4KHUd_bCZ6LesPbIT9q8fQWfX3HzACuM-o81tlDgggsv_SeDOaGviSHDGH5-WY3KZB5AVLIhIa_KGF\u0026freq=0\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.612\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=ECqKdUAaHR0cHM6Ly9ydS5vYm1lbnZzZW0uY2MvaW5mby5waHA%2FaWQ9NTA1MzM0OA\u0026afid=5181927655991296\u0026caifrq=ACZLEAAAAAAAAAAB\u0026eclog=0\u0026snc=0\u0026ssc=3\u0026tp=0\u0026vp=0\u0026dto=2\u0026pload=829\u0026rlp=%5B0%2C42%2C46%2C25%2C7702%2C2149%2C706%2C2103%2C1%5D\u0026im=1\u0026noch=1\u0026cs=5","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:51.023Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkgwzfwjgk.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 16:56:56 GMT","end":"Tue, 30 Dec 2025 16:56:55 GMT"},"fingerprint":{"sha1":"4A:66:8E:92:5C:6C:40:CB:49:C5:50:10:BD:FC:BD:CB:8E:1B:5B:1E","sha256":"43:6C:46:C6:6D:36:9F:0D:F8:DE:3C:9E:14:D0:0A:1B:2C:00:32:C5:18:86:37:97:90:5E:CD:B2:F9:01:69:3F"}}},"request":{"raw":"GET /chicken.gif?z=1861886\u0026pb=9ae5fe10bc651bac552a19844a4cabc01760536908\u0026pbc=vWmLo1UxYmlMqe9o\u0026pbi=gbG-WFS6eMRMqe9o\u0026pbu=j4ECVtCQmuZMqe9o\u0026psp=axvq37gerJV-rCmhekkvvpwwCgjyzgo4I_uYvht8jFU-YGxDHWnQiYfv9jTeN6972ajLZRWOhmPvSRnN6xrtjwcphh4shb2HjoNLSAuzgxEaJFbvrmseXzwwwDdBtj8npIRWRAIA36g3u8MK8kxRFGDfd7ElKMZR8bByrZ9JXbSD6x39EUL_arSCBXT6bu5RcYwvIz5htvRDr5SWHuVThDuzVQMlR7DfxuGNhRFltTCBspsROyzu1V5y3FZSHRkQGrX5nDNWJVbM2iq8-DJ6WMdPkhC1_G_a8Bs43aN7BscgQ7uK6136s93P27eUIUJ3oCQH84vYy25Dko1UjDzQIclPow54_IZyMYWgZo__Hv8zNUbvSD0rWGGgId0Hi9nJfEAurMD1hybr3lw-StQECyBGPTmPnZ3-t7-Ns0Gd80c7IPVqLr3uFou8eXbRntHnaO1ac60oX5JGcFoY2-q-45ouyN_D8F0Z8h5ctf6SrepOn6j_5ryeM7mwuZn-0gkBkETuhaDOQu-doCJxOF4yt40rtx_Y4gdyiet_c_FXWuGJ4vmPyhBaYBov3wfXtQuB0e-r_-i-cvOXQem52L-Ev4H9rZL0tg0YqkGfvR3YY8eJxJpnGEDpueUMvRxTD-nSX1gGYuBBybbMBtK0wv12R9jnsxUu-Ean_NT-thjpq7ug1kdOz4HxwcIEZHUdkmuMsShVCMeL-DN2tZYTNCKADI7SpFLTCvcK8CHg5__3v9EWsdJs04AakrxPBrueQ-V-su4KHUd_bCZ6LesPbIT9q8fQWfX3HzACuM-o81tlDgggsv_SeDOaGviSHDGH5-WY3KZB5AVLIhIa_KGF\u0026freq=0\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.612\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=ECqKdUAaHR0cHM6Ly9ydS5vYm1lbnZzZW0uY2MvaW5mby5waHA%2FaWQ9NTA1MzM0OA\u0026afid=5181927655991296\u0026caifrq=ACZLEAAAAAAAAAAB\u0026eclog=0\u0026snc=0\u0026ssc=3\u0026tp=0\u0026vp=0\u0026dto=2\u0026pload=829\u0026rlp=%5B0%2C42%2C46%2C25%2C7702%2C2149%2C706%2C2103%2C1%5D\u0026im=1\u0026noch=1\u0026cs=5 HTTP/1.1\r\nHost: rkgwzfwjgk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cart=1; cart_p=2; CHCK=1; PTS=; UID=2510150701d1db1184040d4860b416d92392\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:50 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-route-id: stats.impression\r\nset-cookie: OACICAP=ACZLEAAAAAAAAAAB; Path=/; Expires=Fri, 14 Nov 2025 12:01:51 GMT; Secure; SameSite=None\nOACIBLOCK=ACZLEAAAAABo7ypQ; Path=/; Expires=Fri, 14 Nov 2025 12:01:51 GMT; Secure; SameSite=None\nBCAI=ACZLEAAAAAAAAAAB; Path=/; Expires=Thu, 16 Oct 2025 12:01:51 GMT; Secure; SameSite=None\nBMI=ADOwKAAAAAAAAAAB; Path=/; Expires=Thu, 16 Oct 2025 12:01:51 GMT; Secure; SameSite=None\nBCRI=Po2JKwAAAAAAAAAB; Path=/; Expires=Thu, 16 Oct 2025 12:01:51 GMT; Secure; SameSite=None\nIMC_102=1; Path=/; Expires=Thu, 16 Oct 2025 12:01:51 GMT; Secure; SameSite=None\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"28e463819a210071de3b45ebe7633613","sha1":"6dccd571828ec0912629119cf7eabfea9f33ddbc","sha256":"44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84","sha512":"8a82ac5a7883cd9b74bdb561cf825ce86474e259ad8c445e538d697b0003e3f2b1d6edcd3dc6512f4ad16e9074da204a79938257c457ecf68f4329eac0182e67","ssdeep":"","tlshash":"04900003e280e082c3a0c0300e0ccb802b88a2308a28030fb0fc2baefc3a3a20c23000","first_seen":"2023-04-05T09:26:54Z","last_seen":"2026-04-06T07:31:32.417342Z","times_seen":20522,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obmenvsem.org/info.php?id=5053348","fqdn":"obmenvsem.org","domain":"obmenvsem.org","tld":"org"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T12:01:47.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 20:46:45 GMT","end":"Thu, 27 Nov 2025 20:46:44 GMT"},"fingerprint":{"sha1":"35:D6:39:B7:6C:E9:55:4E:4D:66:D5:0D:69:72:69:51:FD:F2:40:64","sha256":"32:9D:06:DB:B6:F6:FB:4D:08:28:2F:B9:15:F2:70:69:6A:E6:E8:43:A3:8D:0E:CE:7F:67:4C:69:C4:94:4F:B4"}}},"request":{"raw":"GET /info.php?id=5053348 HTTP/1.1\r\nHost: obmenvsem.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:47 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://ru.obmenvsem.cc/info.php?id=5053348\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35485,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":95,"dns":4,"connect":28,"send":0,"wait":27,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/static/new/fonts/Gotham-Medium.woff2","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /static/new/fonts/Gotham-Medium.woff2 HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru.obmenvsem.cc/info.php?id=5053348\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 32296\r\nlast-modified: Mon, 02 Oct 2023 08:54:28 GMT\r\netag: \"651a8544-7e28\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32296,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32296, version 1.0","md5":"77d2f5c849caf69a057994776017d8ce","sha1":"3f890dc91a3f7d23e3c4ecfc4c854ba4f7d462e9","sha256":"9afaafaa02923821bbbc7b445afe67ce68095efa6b98b8052509e1bd10ba7856","sha512":"4d46574175e1cdd054773ac52e3a9916e53348695508372983dcfb1a6cdee1b5251a38b5012387db72fbe92703c055ec376162ee4a6a633a663b805c1c1afdde","ssdeep":"768:YCSN/zWFqGNyj5SFT2QXRFMBtKXC7cXWQ1D/GPxMykzB:rS8qntSFT2NDsGQBsc","tlshash":"f6e2f1539fbc8137ea50d8bb7ba6f48cddfb48b882593a5fd067488c1a047d544e026a","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.868224Z","times_seen":108,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/static/new/fonts/Gotham-Bold.woff2","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /static/new/fonts/Gotham-Bold.woff2 HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru.obmenvsem.cc/info.php?id=5053348\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 30124\r\nlast-modified: Mon, 02 Oct 2023 08:54:28 GMT\r\netag: \"651a8544-75ac\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30124,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 30124, version 1.0","md5":"c070aec7f7a5daf99f2df32c9288d4ec","sha1":"ad4b035eca44bd01ffe92590c8ced5999d5be321","sha256":"d6f112b6888bf69c3cb82eb2efd527c5777e76cee3f066df850f664964a4a97b","sha512":"fb0fbb190c44e7e0225cb3628a46b45e71e8d2561e196354cd14c09ff6b6a4afd2290a9e6a33839cbf7979e5a246f9b15caff557d65ab1db992b0673d236fcbd","ssdeep":"384:MGMiqGmvoOyRvsP7ttFAbQuGHxUQ7yf5oWUUIx3EqV5BoKzwL/hHaJyBh7Bt:8om777oACQ7Ge/U63Ea5BKH+Y7/","tlshash":"22d2e0839468d864afd8c6ea608744f76271a381ec903794b6b11cfa721a13f651ff20","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.883374Z","times_seen":106,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/static/new/img/obmenvsem_logo.png","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /static/new/img/obmenvsem_logo.png HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/info.php?id=5053348\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 4235\r\nlast-modified: Thu, 01 Feb 2024 08:30:07 GMT\r\netag: \"65bb568f-108b\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4235,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 404 x 80, 8-bit/color RGBA, non-interlaced","md5":"171f092d77bd1decedcabaae7631b4ec","sha1":"a1d94c66f4af64cbebfa7507b23a6cd935171c56","sha256":"2849b35cc6d1e207727ad85b969502e9bd3166c35b1554b6000568b05a5d8bc2","sha512":"036066dc423df9d1b2da97100faa1f5e53ea4a04275e4f206b9688a72000e27a4e80d05bcdfce5b98226ea4eccee7cef534ddd0ccb447b299fec8a70c86d30ae","ssdeep":"96:Q8dYxeUli5drhHM8HHey8qtxAGrcI/E34wpaitshJYnZ:Q8+ydrhs470GAIY4wdyYZ","tlshash":"4a915dec17b1fcf52f0f1e7d8801af2713a22956b9e5d1c6e641543ce01ec48b86b941","first_seen":"2025-10-14T15:38:28.296007Z","last_seen":"2026-04-03T15:41:56.878709Z","times_seen":76,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/static/new/img/sprite/sprite.svg","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /static/new/img/sprite/sprite.svg HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/info.php?id=5053348\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 96697\r\nlast-modified: Mon, 02 Oct 2023 08:54:32 GMT\r\netag: \"651a8548-179b9\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":96697,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0b5d6f19f94ae3a1464bf23994bc672e","sha1":"3b031e2427a5bc6aa9c30268af8af87e3318a2f8","sha256":"276190d93ef31178bd73eae41b6a6d5a5510801d8b754a3f3e37f45eb31e4a77","sha512":"077035126cff2428c111ea1f3517b76d963ad71678ff99d6dfbb3f315f0246e7f72b0e2f0ab41288f84024f21d4c5d69014950ae8bccfae52199ec733dbe20eb","ssdeep":"1536:xEfE6HFOmrkeHb9IKDSGRAysfTKukQ6BhzmO:xOIq","tlshash":"da932dfaa3e4a2d0e907f7b0d7277475702735f93e12c56887986e64eb320ad845dc82","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.860266Z","times_seen":79,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/apple-touch-icon.png","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/info.php?id=5053348\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 2652\r\nlast-modified: Wed, 08 Nov 2023 12:00:18 GMT\r\netag: \"654b7852-a5c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2652,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit colormap, non-interlaced","md5":"14b6cbadf25e2a2e43ee83d0ae498b4d","sha1":"afbf495e86e72331b2b179ea97385eaea3e2649a","sha256":"3a1d2020f69c330d10c23692da24bcea0936f235f36f78522901171912a46566","sha512":"bb89612b4d58637ef2f0c36d1a4ec07e92d49b52cebb31bffbe1f3e8939a691fccd5a0aa23ff6187772f0f791fbf130021dd606b7b106e4cbd9397f01c6d8302","ssdeep":"","tlshash":"e2513c9a6e84b92af5c906ad338cd3885ef9c17821f97c92571c07c44d216f3b4b11b0","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.860721Z","times_seen":83,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/check.html","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkgwzfwjgk.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 16:56:56 GMT","end":"Tue, 30 Dec 2025 16:56:55 GMT"},"fingerprint":{"sha1":"4A:66:8E:92:5C:6C:40:CB:49:C5:50:10:BD:FC:BD:CB:8E:1B:5B:1E","sha256":"43:6C:46:C6:6D:36:9F:0D:F8:DE:3C:9E:14:D0:0A:1B:2C:00:32:C5:18:86:37:97:90:5E:CD:B2:F9:01:69:3F"}}},"request":{"raw":"GET /check.html HTTP/1.1\r\nHost: rkgwzfwjgk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Mon, 22 Sep 2025 06:11:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68d0e8af-39e\"\r\nx-js-ab: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":926,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"088dba8e97eede53134c93219f7ebbae","sha1":"adb707654d1fe0af7d0d7a9f55660d22bd3625e4","sha256":"6da0120b4c7bc45b63fcbb87595c3c1ea2cdca482b0c48d4d2ab434f9e897aff","sha512":"23a1f87731e8aee4658993cd1ce35ec179fea80b89bf52aca7634488f1bdfcf88b9cabca4859481357a9fee06cbb49df64bbe0878b1dae0e5df4fa34003c6d80","ssdeep":"","tlshash":"6211d04934e1684c1127a6301597a2183c32a40315cbd949fb9cd7301f815a7dc596df","first_seen":"2024-11-22T16:59:41.974716Z","last_seen":"2026-03-04T10:11:28.020186Z","times_seen":13721,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ru.obmenvsem.cc/info.php?id=5053348","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":80,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T12:01:48.214Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /info.php?id=5053348 HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Wed, 15 Oct 2025 12:01:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nLocation: https://ru.obmenvsem.cc/info.php?id=5053348\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35485,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":26,"dns":1,"connect":27,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/info.php?id=5053348","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T12:01:48.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /info.php?id=5053348 HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35485,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14941)","md5":"5d990206ed7ba5c77bdbad662e998a13","sha1":"d1615ea8ead701ce982db8682f14dd04427d1b80","sha256":"9f4d4f964f896d9deb1316045f5f31d7801b30f966d30f6ed2794b5a056ed587","sha512":"f23f1529791538bec707df12cf6bb7b4fa02512473b8be9e737cbcb1922f2e51ded84a9659f5d2928dd6b72ba0bfdda74cd47e5b622d1d651a20a74c2c8f89e3","ssdeep":"384:xyr+5D4FQ2+FNtYrE++wEwPrCm/us0P1iCjcs1QoSLEV1NoiZZyVJdI8UGPUR36q:gFQ2+FNt0E++umltSYZoOWJ8b6G3KKH","tlshash":"f2f27e3148f2504942a3e196df6ae71abcd2c407d00b8d41b6ed5789dfc6e562f332ae","first_seen":"2025-10-15T12:02:14.340376Z","last_seen":"2025-10-15T12:02:14.340376Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/i/npage/1861886/code.js","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkgwzfwjgk.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 16:56:56 GMT","end":"Tue, 30 Dec 2025 16:56:55 GMT"},"fingerprint":{"sha1":"4A:66:8E:92:5C:6C:40:CB:49:C5:50:10:BD:FC:BD:CB:8E:1B:5B:1E","sha256":"43:6C:46:C6:6D:36:9F:0D:F8:DE:3C:9E:14:D0:0A:1B:2C:00:32:C5:18:86:37:97:90:5E:CD:B2:F9:01:69:3F"}}},"request":{"raw":"GET /i/npage/1861886/code.js HTTP/1.1\r\nHost: rkgwzfwjgk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 14 Oct 2025 10:55:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ee2c06-2cab1\"\r\nx-js-ab2: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":182771,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"3c53eb400c897c060bd4f96f8a8fcc36","sha1":"a53c96f2c9429cc78f14dc3aafba305d45f4cf97","sha256":"2a844f7ed33ae87cff439f6d353bfd7a5e22a97e8f022c35343fb0df585919d5","sha512":"4aee8b88ac7955816dfd1cfd20a53a7ad007dfd8cbd3f94cb12c60e57149f017ddb10198d1ee96d8ed0e79cb1263bb0e814ad521484b23fed5efb7047a8c7170","ssdeep":"1536:7hYqivfi5G1V14QHAaySytJCSQGJtbw5qx7cO7gixRk/hqJd6b7Yj9FvZmDMNVR7:7hYpy8upTb8KtbIHOOEP9hAKri2k4dVB","tlshash":"8304824c2ac1ef3582068139dfebf69ee7b558d6ae4de044cc22c1b914666c78323e75","first_seen":"2025-10-14T15:38:28.127308Z","last_seen":"2025-10-15T22:54:35.651051Z","times_seen":4,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":80,"dns":43,"connect":19,"send":0,"wait":34,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/static/new/js/main.js","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /static/new/js/main.js HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/info.php?id=5053348\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 02 Oct 2023 09:59:18 GMT\r\netag: W/\"651a9476-988a5\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":624805,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17657)","md5":"b6a5b3fcb3c5763f5b0a54ccbc6a2c79","sha1":"ddbe5e8372dc5c077cffa3cefad451ac6f5016e6","sha256":"23d212556914be03a7f36dc8e2581deb7fe3e927dd40ec947ab98f6a616a6b34","sha512":"718132246cc46358d4223fd771469059dda61db6742d548873c5f6b08cd86ca481d54060adedb35e379608dd88dada38ed891d7f2e5529c11f682ffd3529d8f4","ssdeep":"12288:rSB7qB7WKK4aIiuyW+aux8PNhvu/m2mVrd7y:rSB7qB7mIiusx8PN8/m2mRd7y","tlshash":"3dd42ac87281742247d7b0b5502f520ab23a9969580dc16cf62df9d52fb8e4de23bf78","first_seen":"2025-10-15T12:02:14.349595Z","last_seen":"2026-04-03T15:41:56.878165Z","times_seen":24,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.pncloudfl.com/pn/0e2/e26/6f4/0e2e266f42dc9db06702654b475deccf94a64a2d.gif","fqdn":"cdn.pncloudfl.com","domain":"pncloudfl.com","tld":"com"},"ip":{"addr":"104.20.30.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:49.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.pncloudfl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 12 Oct 2025 11:22:47 GMT","end":"Sat, 10 Jan 2026 12:22:44 GMT"},"fingerprint":{"sha1":"5F:F3:87:DA:78:FE:FC:D5:F7:1B:E2:6F:99:A9:F5:88:06:1F:6D:0C","sha256":"9E:1C:41:AF:6B:2C:22:66:DB:77:8A:92:75:A0:FC:E8:37:90:0A:A6:EA:FB:D6:6D:72:71:80:40:DD:CE:20:36"}}},"request":{"raw":"GET /pn/0e2/e26/6f4/0e2e266f42dc9db06702654b475deccf94a64a2d.gif HTTP/1.1\r\nHost: cdn.pncloudfl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 12:01:49 GMT\r\ncontent-type: image/gif\r\ncontent-length: 497588\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncache-control: max-age=432000\r\ncf-bgj: imgq:100,h2pri\r\naccept-ranges: bytes\r\ncf-polished: status=not_needed\r\naccess-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization\r\naccess-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp\r\netag: 788712d8989fd197997cb2cccc55c1ea\r\nexpires: Fri, 17 Oct 2025 01:37:35 GMT\r\nlast-modified: Wed, 10 Jul 2024 15:38:43 GMT\r\nx-cdn-host-id: ds7288,ds7445,ds5951,ds7445,ds5833\r\nx-openstack-request-id: tx1c70999b3e2c4dc691ee7-0066cf3403\r\nx-proxy-cache: HIT\r\nx-timestamp: 1720625922.00109\r\nx-trans-id: tx1c70999b3e2c4dc691ee7-0066cf3403\r\ncf-cache-status: HIT\r\nage: 37454\r\ncf-ray: 98ef29f9cd5b0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":497588,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 192 x 192","md5":"788712d8989fd197997cb2cccc55c1ea","sha1":"0e2e266f42dc9db06702654b475deccf94a64a2d","sha256":"6d927f021791a078c49c7d5c92677c3f9d47aa7801e4532fd95a186c58825b19","sha512":"5dc0232771740d53781a62e985ab3cc85dfc06734df071d544de5ab21911c955e2cf2c411cf4b56c241fcbecfa3648bd8aec5ff337ed6e6cb587a8dfbae6ff76","ssdeep":"12288:V8SKUjz4XYAe/u/atap7IH5vMn7oR29v4Q39aHAo:/B4XYVsRi27oRZQ3YAo","tlshash":"86b423a8243a0137dc39d3a6dd94a41e0bb0ab901719d2a5dbd80ac37f7f18ebddc165","first_seen":"2023-05-06T05:34:09Z","last_seen":"2026-04-03T15:41:56.86696Z","times_seen":453,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":88,"dns":60,"connect":1,"send":0,"wait":6,"receive":20,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/info.php?id=5053348","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T12:01:47.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /info.php?id=5053348 HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: sid=imdsi22r2v0fr106gu2qcdiguu; expires=Thu, 15 Oct 2026 12:01:48 GMT; Max-Age=31536000; path=/; domain=obmenvsem.cc; HttpOnly\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35485,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14941)","md5":"eed2bc8e6834cf26c91e6e20c37ec75c","sha1":"44e2c56950bbfadcd3117e817180b91397c93bbf","sha256":"61989360421ab942f885f12b930258927a2f97b370117d2e68931845931c79a8","sha512":"b0f6332e3509ce3947eb1f27eb89707bdbb1f794730a8eb05ca49c547a4d5f704b9b521834045d68f3dbf9190ee68418dee5ac253eaee44c587ed7508961ccfe","ssdeep":"384:xyr+5D4FQ27FNtYrE++wEwPrCm/us0P1iCjcs1QoSLEV1NoiZZyVJdI8UGPUR36O:gFQ27FNt0E++umltSYZoOWJ8b6G3KKz","tlshash":"47f26d3148f2504942a3e196df6af71abcd2c407d00b9d41b6ed4789dfc6e562e332ae","first_seen":"2025-10-15T12:02:14.358983Z","last_seen":"2025-10-15T12:02:14.358983Z","times_seen":1,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":90,"dns":14,"connect":25,"send":0,"wait":32,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/static/new/css/style.css","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /static/new/css/style.css HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/info.php?id=5053348\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 10 Nov 2023 00:13:14 GMT\r\netag: W/\"654d759a-1efd8\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":126936,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5844)","md5":"de8618fc36b5d1ab91eb73257b6880e0","sha1":"3ec688bcf5b254d0cb721d92efc868f3ffe6f0f2","sha256":"5fb474fb597ebb3687b3e8f718576203a243694efab1def0e5df782f1dafd066","sha512":"6c599f370a4f7d75af68dc0bfd6697b4bea7c938968bc7b1c6326ad48ac6cf0298e2f517ef2b88e9b370d941bbc0c988d7b00981fa69528e06e342e9c5da398a","ssdeep":"1536:7SCK6ceVpN2XjdvL5V6J9ikKKsRsbFDSbF1DOblpsfXTLTryYgeYzkC:QXHV6J9ikKKsRsbFDSB1W3wXp/okC","tlshash":"98c351a672645b91241f88545bc59b22336cd013c94ef9fc6ed3150c8fca7caa6a23df","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.875131Z","times_seen":79,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuhesok.com/58854.js","fqdn":"tuhesok.com","domain":"tuhesok.com","tld":"com"},"ip":{"addr":"88.208.46.40","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tuhesok.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 Aug 2025 15:26:19 GMT","end":"Sun, 23 Nov 2025 15:26:18 GMT"},"fingerprint":{"sha1":"11:1A:31:6C:39:26:C5:07:DC:8C:79:CA:1E:46:97:B5:87:40:EF:CA","sha256":"99:98:1D:47:0B:F3:02:9E:B9:DD:A8:B6:23:4F:37:54:A6:2B:D2:1B:3B:AF:3D:35:6D:4D:74:6A:8A:CC:F5:45"}}},"request":{"raw":"GET /58854.js HTTP/1.1\r\nHost: tuhesok.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 15 Oct 2025 12:01:48 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, must-revalidate\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nX-Request-Id: c54d39f311f99a78aae5f278a31e3c34\r\nAccept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nX-ng-name: front8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43506,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43458), with no line terminators","md5":"cce286a76c98655126ff55a5d756c2b9","sha1":"99eca2b5d02d57a7f6450cbdf902687ba16826d8","sha256":"9f3ad4589604825d80a022d66034f12bb86487f9215ecddc1f14499c7878f362","sha512":"2cadbc7194d6c75db3d962d25886f6c7aa1bdb8ba2ba7f8f9b23f8731862186dea096c7f3cb823f57c2d7fc10c302902d3ca2600642924039847e608deb53add","ssdeep":"768:jCEb5lCr9FbMv1gEEGZ2iPJT4VH4qiWDHV/8wUz:/AqJs14SDHV/8zz","tlshash":"20132c9932927025726ea9e1537f270af37e691748b55c00c603f8803a24edef227f9d","first_seen":"2025-09-06T15:06:29.605554Z","last_seen":"2025-12-03T12:51:21.521007Z","times_seen":212,"resource_available":true,"data":null}},"time_used":217,"timings":{"blocked":86,"dns":27,"connect":17,"send":0,"wait":44,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/favicon-16x16.png","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /favicon-16x16.png HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/info.php?id=5053348\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 675\r\nlast-modified: Wed, 08 Nov 2023 12:00:18 GMT\r\netag: \"654b7852-2a3\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":675,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"b499873bbf9f4f79c55c98780893ec5c","sha1":"298126d462924274264083a56a9804be95f7774d","sha256":"d3d21a81a1f1fa8782495b8501a9fbe487eb4c662a3d09c681152e225c8da43f","sha512":"60ef4aa3bd3139ed74318d6acffa4c34a9e4d72904bbe4a0bc53375347efd23d5f3b34d90e2c3390b40f5a77fa7bfad62e11d03b4f1b643fbb323c69c67973b0","ssdeep":"","tlshash":"d80123edd4e4ef53d08d9f3b56b30704fb3c818d21929c0a593f51328d2400c94143ae","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.873584Z","times_seen":83,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.pncloudfl.com/pn/d6c/303/169/d6c303169f16834659ea448f5470aa514aadce6b.png","fqdn":"cdn.pncloudfl.com","domain":"pncloudfl.com","tld":"com"},"ip":{"addr":"104.20.30.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:49.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.pncloudfl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 12 Oct 2025 11:22:47 GMT","end":"Sat, 10 Jan 2026 12:22:44 GMT"},"fingerprint":{"sha1":"5F:F3:87:DA:78:FE:FC:D5:F7:1B:E2:6F:99:A9:F5:88:06:1F:6D:0C","sha256":"9E:1C:41:AF:6B:2C:22:66:DB:77:8A:92:75:A0:FC:E8:37:90:0A:A6:EA:FB:D6:6D:72:71:80:40:DD:CE:20:36"}}},"request":{"raw":"GET /pn/d6c/303/169/d6c303169f16834659ea448f5470aa514aadce6b.png HTTP/1.1\r\nHost: cdn.pncloudfl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 12:01:49 GMT\r\ncontent-type: image/png\r\ncontent-length: 7992\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncache-control: max-age=432000\r\ncf-bgj: imgq:100,h2pri\r\naccept-ranges: bytes\r\ncf-polished: origSize=9483\r\naccess-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization\r\naccess-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp\r\netag: 740d9fea030595dd1e18d974a02f7d43\r\nexpires: Thu, 16 Oct 2025 03:54:16 GMT\r\nlast-modified: Tue, 27 Aug 2024 16:02:53 GMT\r\nx-cdn-host-id: ds7288,ds7445,ds5951,ds7445,ds5833\r\nx-openstack-request-id: txe186362e56ba4ba0be312-0066cf3218\r\nx-proxy-cache: HIT\r\nx-timestamp: 1724774572.00691\r\nx-trans-id: txe186362e56ba4ba0be312-0066cf3218\r\ncf-cache-status: HIT\r\nage: 115652\r\ncf-ray: 98ef29f9dd5d0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7992,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"ee484990c92643912a0ebc08c408b640","sha1":"1c599cf15aab088e2da80a0e47e28c7d4020c0ee","sha256":"5fcf8f4d9e7d742243fbb984cf008c2871ba78e9238e58d1b6cf7fc927660e3d","sha512":"678a9d1a3978b619b3778a52c524933ad55cb22ad6a985ba6a7b8389741e2e6cc21bf0c359cbb19b9bbdef2adc8a76dbf229ff179a4525cb6219bf8418d8674e","ssdeep":"192:++sl6JzXd9gCO86TjKoVKTSoJLFmK/p7QIZZogOYOduCVS4SO:3s0JzXd9/6+T/xvpnTO","tlshash":"75f19f9be359b488373f3cb96103a6cae1468b25a35b97d38a1888bc296c376039454c","first_seen":"2025-07-05T23:01:49.462184Z","last_seen":"2025-12-03T17:47:58.621622Z","times_seen":195,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":91,"dns":63,"connect":3,"send":0,"wait":9,"receive":17,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru.obmenvsem.cc/static/new/fonts/Manrope-Medium.woff2","fqdn":"ru.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 20:39:51 GMT","end":"Sun, 30 Nov 2025 20:39:50 GMT"},"fingerprint":{"sha1":"32:A5:EC:5C:8F:ED:E5:45:7E:EE:0E:16:50:9E:73:1C:73:CC:7A:1E","sha256":"85:1D:AB:2C:33:2C:5F:84:22:D8:C5:8D:64:07:A1:A1:2A:42:9B:88:2D:7B:37:0B:D9:28:20:D0:01:F6:CB:C4"}}},"request":{"raw":"GET /static/new/fonts/Manrope-Medium.woff2 HTTP/1.1\r\nHost: ru.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru.obmenvsem.cc/info.php?id=5053348\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=imdsi22r2v0fr106gu2qcdiguu\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 30388\r\nlast-modified: Mon, 02 Oct 2023 08:54:28 GMT\r\netag: \"651a8544-76b4\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30388,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 30388, version 1.0","md5":"f9f6b7a211641bf4e36a84a30450499f","sha1":"c16f52bc33db2b501ea9542d4e8cb582c5d40b77","sha256":"d54e2d58d4375df23926ba135d92140943811311b11b95bbe7275ec3329f14be","sha512":"1fc08f3cd12973b25050daf9282ed2bb9f88154c766acebf6a619c9d922b1dded1a382da19a9854411744e12c4cf806f7d3072fb3fdbc2d227c3df044a722116","ssdeep":"768:5EEFhJWHHq1b2G+Ei7b2xiwQQi+RD6iki:53h4HHybV+Ecb2MwQp+RD6iki","tlshash":"ccd2f1c45366737ac8e29dbb04e90e1c6a21d1812b573af949c9c3981437ba5413deef","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.863645Z","times_seen":83,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/get/1861886?zoneid=1861886\u0026jp=_clvwfbhzzcomwhidiuemtm\u0026dr=102\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.612\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=7qwrn0aaHR0cHM6Ly9ydS5vYm1lbnZzZW0uY2MvaW5mby5waHA%2FaWQ9NTA1MzM0OA\u0026afid=7996677422883328\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026dto=2\u0026pload=728\u0026rlp=%5B0%2C42%2C46%2C25%2C627%2C1066%2C614%2C1020%2C0%5D\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0\u0026freq=0","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru.obmenvsem.cc/info.php?id=5053348","date":"2025-10-15T12:01:48.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkgwzfwjgk.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 16:56:56 GMT","end":"Tue, 30 Dec 2025 16:56:55 GMT"},"fingerprint":{"sha1":"4A:66:8E:92:5C:6C:40:CB:49:C5:50:10:BD:FC:BD:CB:8E:1B:5B:1E","sha256":"43:6C:46:C6:6D:36:9F:0D:F8:DE:3C:9E:14:D0:0A:1B:2C:00:32:C5:18:86:37:97:90:5E:CD:B2:F9:01:69:3F"}}},"request":{"raw":"GET /get/1861886?zoneid=1861886\u0026jp=_clvwfbhzzcomwhidiuemtm\u0026dr=102\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.612\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=7qwrn0aaHR0cHM6Ly9ydS5vYm1lbnZzZW0uY2MvaW5mby5waHA%2FaWQ9NTA1MzM0OA\u0026afid=7996677422883328\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026dto=2\u0026pload=728\u0026rlp=%5B0%2C42%2C46%2C25%2C627%2C1066%2C614%2C1020%2C0%5D\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0\u0026freq=0 HTTP/1.1\r\nHost: rkgwzfwjgk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru.obmenvsem.cc/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 12:01:48 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nx-route-id: config\r\nset-cookie: CHCK=1; Path=/; Expires=Wed, 18 Nov 2026 12:01:48 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Wed, 18 Nov 2026 12:01:48 GMT; Secure; SameSite=None\nUID=2510150701d1db1184040d4860b416d92392; Path=/; Expires=Wed, 18 Nov 2026 12:01:48 GMT; Secure; SameSite=None\r\ncontent-encoding: gzip\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7789,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (7780), with no line terminators","md5":"b2a783ed2062c6f06dc64d9fcf4991a0","sha1":"acc9346ec5bf37041bbb86477b7892279812319b","sha256":"1d914d8268e1c6b591de56b956a4e85b381c25fd7c4af05fe3aa50d973c26b69","sha512":"bfdd834c59bbd07b3f484286377c8c1e645ffb708323ce34171cf4b37901f5b0fdb0033dfc10e70374620dc0ca6829c5733fac8ef8d4f73ffa6ce59d95e3a487","ssdeep":"96:OZEbVllkEzUavz+ks9h8Bi8jqkgtvxIWqG1Ik4fK+TVUez8nkS2OVAHpg87+x/zL:9l7Zz28k6GxDIxzTOVAC8KdskREK","tlshash":"f5f16c45e847cc9cac80964b2f31fd16f8c14c74aa213778cb71dab1678167a2a16ef2","first_seen":"2025-10-15T12:02:14.383184Z","last_seen":"2025-10-15T12:02:14.383184Z","times_seen":1,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}