{"report_id":"87373a05-a7cc-4a9b-9a0f-dc5f1fc6253c","version":6,"status":"done","tags":[],"date":"2025-10-13T12:37:13Z","url":{"schema":"http","addr":"composer.jioweloo.ru.com/pC!mh6tS/\u0026sa=D\u0026source=editors\u0026ust=1760362406019036\u0026usg=AOvVaw0vARj5Hj9Ee-R84oOzOzp5","fqdn":"composer.jioweloo.ru.com","domain":"jioweloo.ru.com","tld":"ru.com"},"ip":{"addr":"172.67.137.241","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"composer.jioweloo.ru.com/pC!mh6tS/\u0026sa=D\u0026source=editors\u0026ust=1760362406019036\u0026usg=AOvVaw0vARj5Hj9Ee-R84oOzOzp5","fqdn":"composer.jioweloo.ru.com","domain":"jioweloo.ru.com","tld":"ru.com"},"title":"​"},"submit":{"url":{"schema":"http","addr":"composer.jioweloo.ru.com/pC!mh6tS/\u0026sa=D\u0026source=editors\u0026ust=1760362406019036\u0026usg=AOvVaw0vARj5Hj9Ee-R84oOzOzp5","fqdn":"composer.jioweloo.ru.com","domain":"jioweloo.ru.com","tld":"ru.com"},"ip":{"addr":"172.67.137.241","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-17T12:37:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"composer.jioweloo.ru.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"composer.jioweloo.ru.com","ip":{"addr":"172.67.137.241","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-12","domain_rank":0,"first_seen":"2025-10-10T22:55:56.465634Z","last_seen":"2025-10-10T22:55:56.465634Z","alert_count":2,"request_count":2,"received_data":21414,"sent_data":1837,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"composer.jioweloo.ru.com/pC!mh6tS/\u0026sa=D\u0026source=editors\u0026ust=1760362406019036\u0026usg=AOvVaw0vARj5Hj9Ee-R84oOzOzp5","fqdn":"composer.jioweloo.ru.com","domain":"jioweloo.ru.com","tld":"ru.com"},"ip":{"addr":"172.67.137.241","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"971f5054086e50ca3139371ec61f9380","sha1":"22b9c3929da29746a1bc6fdf5935ea576db5e0dc","sha256":"4fd64e7c9291a15f93993519231df3f7dd40d7dee3639012a9972bd4e8545ad8","sha512":"270ce91fd54c669906f99112cf16bca6d3408e297a088f843dee6fe2e1f2194c57c32542f8ee372b695d3bbff875993f5d9dc506d9c897808d581a3f9ca5fb37","ssdeep":"","tlshash":"0f41d17f728a2c3a0ed70afb74d667ad3d2104846da1895056aecc1b0759dc2f93f6c4","size":1944,"data":"","first_seen":"2025-10-13T12:37:14.971965Z","last_seen":"2025-10-13T12:37:14.971965Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"composer.jioweloo.ru.com/pC!mh6tS/\u0026sa=D\u0026source=editors\u0026ust=1760362406019036\u0026usg=AOvVaw0vARj5Hj9Ee-R84oOzOzp5","fqdn":"composer.jioweloo.ru.com","domain":"jioweloo.ru.com","tld":"ru.com"},"ip":{"addr":"172.67.137.241","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-13T12:36:49.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jioweloo.ru.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Sep 2025 23:21:04 GMT","end":"Fri, 12 Dec 2025 14:14:42 GMT"},"fingerprint":{"sha1":"9E:CA:B9:8C:06:19:4F:E5:9F:2F:06:63:3E:0C:82:79:04:C6:C2:34","sha256":"D6:1A:DE:D1:CF:65:86:A1:44:9D:2C:90:F3:B6:8C:1A:95:42:36:87:63:54:BD:41:38:97:6B:51:00:1A:BF:07"}}},"request":{"raw":"GET /pC!mh6tS/\u0026sa=D\u0026source=editors\u0026ust=1760362406019036\u0026usg=AOvVaw0vARj5Hj9Ee-R84oOzOzp5 HTTP/1.1\r\nHost: composer.jioweloo.ru.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 13 Oct 2025 12:36:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4lu912pH%2FUCdovY3kk5TGIWtTuCXUp8aYrD0UGrexZQQsWoAN16fMPy9G8Lz0STcJNjTXAu8wVDN0mudKrOScoDqzbyBHpGAU%2Fg%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6InJpMUZub3FMdTNLME1FQUlIelJBRWc9PSIsInZhbHVlIjoiaWdOMjVSVjN3eThCZ1RaTWJSUXkwYWp6L0d6SVpHUXBYeHRGR0hNQ0pxTnd5T2cvZkdaem1mSTdCbW1ydHB5NjMySUNTMWZNZnJwQzBnb1gzWXVkZlZPbml1cHlWa1N5Q0ZvdGhoT1ZsR1N0d01adjdpSGxFRjFrdUxPVUVqMmEiLCJtYWMiOiJkYTlmYzNjMmQ4NGZiZmM3YzE2ZmYyZGUyN2U3MjE5NzI3NDhmZDZiYjk0M2FlZWZlOGZiZTcwMzliZjQ4MDU2IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 13 Oct 2025 14:36:50 GMT\nlaravel_session=eyJpdiI6IjdDeUhZQWZQOEJLQ1FQamo1ZlpRNEE9PSIsInZhbHVlIjoiYzRZMnA1SVJqWEVZaUtBQUh6bWFmbXRDZjRwV1JwN0M4bUVPeHkxZzFpcmxwTzl2bnhzOTEwWGJnWEpLYWg0UnI0UHpwakczSk8rY0Z6NE9xcTluMklHOUR4VjA0Vjd1cnlpTjVGU2s5UUszZEZzV21rVENtMmlrTzFpdk5YWSsiLCJtYWMiOiI4ZjRmMDA4NTIzOWVlODk4YjdkZTEzNzlmYTJiNzE1MDdiNWRiZmU4MzZmNTY2OTQ1NjdmZGU1MzMyYjRkZjE2IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 13 Oct 2025 14:36:50 GMT\r\ncf-ray: 98dee28499ea1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7162,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7147), with no line terminators","md5":"a527f1261b620b3d8d18a1f63f1c11f2","sha1":"1cdb697c5e4dc0f8bfe17223736e75da50f49d5a","sha256":"3eb19884a5a87189c04eea2d298f07ab722628db8334af4f47059bf45c3c6df3","sha512":"4d097d47f78f4e4abfc1053f6cff80ca1e44605106e73293ee2dd9457dc4d7f252243833d8bee0081b8e0a6b927c65e59d6fc4c651e7f661df9b2aa23cfc3372","ssdeep":"96:rxm+3iXAyfJiPowsoWmzP30a74sHQyoJ17ua+YSPXRDstbprcIB1Lzjf:rx33iX9JAooFowt6H+VPXRDkdrJLzjf","tlshash":"f0e1f8777505003c9ad397977fc1a7ed3138a242d03318682b99886ac6cedd692ff785","first_seen":"2025-10-13T12:37:14.964839Z","last_seen":"2025-10-13T12:37:14.964839Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1249,"timings":{"blocked":238,"dns":39,"connect":1,"send":0,"wait":773,"receive":0,"ssl":196},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"composer.jioweloo.ru.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"composer.jioweloo.ru.com/favicon.ico","fqdn":"composer.jioweloo.ru.com","domain":"jioweloo.ru.com","tld":"ru.com"},"ip":{"addr":"172.67.137.241","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://composer.jioweloo.ru.com/pC!mh6tS/\u0026sa=D\u0026source=editors\u0026ust=1760362406019036\u0026usg=AOvVaw0vARj5Hj9Ee-R84oOzOzp5","date":"2025-10-13T12:36:51.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jioweloo.ru.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Sep 2025 23:21:04 GMT","end":"Fri, 12 Dec 2025 14:14:42 GMT"},"fingerprint":{"sha1":"9E:CA:B9:8C:06:19:4F:E5:9F:2F:06:63:3E:0C:82:79:04:C6:C2:34","sha256":"D6:1A:DE:D1:CF:65:86:A1:44:9D:2C:90:F3:B6:8C:1A:95:42:36:87:63:54:BD:41:38:97:6B:51:00:1A:BF:07"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: composer.jioweloo.ru.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://composer.jioweloo.ru.com/pC!mh6tS/\u0026sa=D\u0026source=editors\u0026ust=1760362406019036\u0026usg=AOvVaw0vARj5Hj9Ee-R84oOzOzp5\r\nCookie: XSRF-TOKEN=eyJpdiI6InJpMUZub3FMdTNLME1FQUlIelJBRWc9PSIsInZhbHVlIjoiaWdOMjVSVjN3eThCZ1RaTWJSUXkwYWp6L0d6SVpHUXBYeHRGR0hNQ0pxTnd5T2cvZkdaem1mSTdCbW1ydHB5NjMySUNTMWZNZnJwQzBnb1gzWXVkZlZPbml1cHlWa1N5Q0ZvdGhoT1ZsR1N0d01adjdpSGxFRjFrdUxPVUVqMmEiLCJtYWMiOiJkYTlmYzNjMmQ4NGZiZmM3YzE2ZmYyZGUyN2U3MjE5NzI3NDhmZDZiYjk0M2FlZWZlOGZiZTcwMzliZjQ4MDU2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjdDeUhZQWZQOEJLQ1FQamo1ZlpRNEE9PSIsInZhbHVlIjoiYzRZMnA1SVJqWEVZaUtBQUh6bWFmbXRDZjRwV1JwN0M4bUVPeHkxZzFpcmxwTzl2bnhzOTEwWGJnWEpLYWg0UnI0UHpwakczSk8rY0Z6NE9xcTluMklHOUR4VjA0Vjd1cnlpTjVGU2s5UUszZEZzV21rVENtMmlrTzFpdk5YWSsiLCJtYWMiOiI4ZjRmMDA4NTIzOWVlODk4YjdkZTEzNzlmYTJiNzE1MDdiNWRiZmU4MzZmNTY2OTQ1NjdmZGU1MzMyYjRkZjE2IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 13 Oct 2025 12:36:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gfJrQCAxhJy58f5%2BAyHThKerabmw3P5Cb8tLPi%2BGT4cNSmxMwss6mo%2Fl%2BFOtVTzqGN0wWs0%2FcscZLuE8uQz5AZmBtzeHsRFx\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ilkzazk0TFdUVDh1NVhoblFpcXNkZWc9PSIsInZhbHVlIjoiZVVHT3FtOWVEMldWSnNRZEREMmUyWE5vMjlCZHZUVXlUbFdrb3MzanNMazJvSVhObzMrVy9vZXorS25sQlh0dklEOXJGYnlrcVBaRS9UWlFNYzRjSWE1MmpEa0JKQ2JaazlZSXJJdURsSVUxUEFrU1BUZnQ5N1FES2dzUGZoc2giLCJtYWMiOiI3NjUxZTg1ZDZiOWJjMzE5NGVlNjI0ODVmMTkxZWRjMzVhNTMwYzQ0NThlZDE2ZjIzYjY1MzUyY2IwNmEwZjA2IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 13 Oct 2025 14:36:51 GMT\nlaravel_session=eyJpdiI6Ilg0NHI3aFNQSUoyTUQ0WGlwOGdNdnc9PSIsInZhbHVlIjoiWHl3YjFTdXdITGgrYlFGVjFOdXlMTnRUNFFhd3pLeDk4MGhIK29yODA1M2tmMHhBaC9LRkZvV1RXM0QyU1V6WURBSGdMYVNuRHhIelh3ZllZRjlBZHpDMlB4TkU1UEg3SnhYSjZ6NU10NEpPK2xBYWFHZHlJYjVnMkE4QStxQlUiLCJtYWMiOiIzNTZiZmRhZGVkMTAwNmM1NzZhODJjNzliZDM3ZTIyM2RiMzNkNjY2YWRjY2MwY2QyYWE3NGMxYTQzOTRjNGQ4IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 13 Oct 2025 14:36:51 GMT\r\ncf-ray: 98dee28abb021525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11269,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"5a248e8726e359d3ba0abc92cba8a2f9","sha1":"b5d9c808ed9e4230b33676925b260081aafee682","sha256":"99c3583be17f5677f27b750932672e4b9deaf7302c6bf78203d3c4abc4c67c12","sha512":"fcc89c6c575f8c3bf77350cec45a4e15143f5571e33aa2de7e36c6a8a8f61b033decde101d8defb576c0719d7e13433e39987124418fc07645f75f60b14eaaed","ssdeep":"192:vhBYnJjn6vNIwUQJKsY6+4OWZZE5H5M05RmLEk:vkn6vNIwUQJKq9ZExl/mLEk","tlshash":"1332623931f2167f21c381a2b261bb6eaeb8c617c50b565cf1bc8199afc7c11c54b269","first_seen":"2025-09-22T00:05:54.170403Z","last_seen":"2025-10-14T15:39:53.309084Z","times_seen":971,"resource_available":false,"data":null}},"time_used":727,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":727,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"composer.jioweloo.ru.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}