{"report_id":"b40f6345-c347-47dc-846f-714e362e5a9c","version":6,"status":"done","tags":[],"date":"2024-02-19T03:16:29Z","url":{"schema":"http","addr":"cn99971.tw1.ru/?id=17227864","fqdn":"cn99971.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"92.53.123.166","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"cn99971.tw1.ru/?id=17227864","fqdn":"cn99971.tw1.ru","domain":"tw1.ru","tld":"ru"},"title":"Voting Page"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T23:55:01Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"cn99971.tw1.ru","ip":{"addr":"92.53.123.166","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"domain_registered":"2006-06-29","domain_rank":0,"first_seen":"2024-02-11 07:20:18","last_seen":"2024-02-12 06:58:59","alert_count":1,"request_count":5,"received_data":74178,"sent_data":2324,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2024-02-12","alert":"Generic/Spear Phishing","trigger":"cn99971.tw1.ru/?id=17227864","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}]},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cn99971.tw1.ru/fonts/Gilroy-Medium.woff2","fqdn":"cn99971.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"92.53.123.166","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cn99971.tw1.ru/?id=17227864","date":"2024-02-19T03:16:04.724Z","timestamp":1708312564724,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 11 Jan 2024 13:25:41 GMT","end":"Tue, 11 Feb 2025 13:25:40 GMT"},"fingerprint":{"sha1":"F8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51","sha256":"CF:71:51:38:95:36:72:08:B3:AF:D7:03:80:D6:EC:BF:06:4F:5A:77:8A:EA:34:58:DC:CD:89:5A:5D:92:76:91"}}},"request":{"raw":"GET /fonts/Gilroy-Medium.woff2 HTTP/1.1\r\nHost: cn99971.tw1.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn99971.tw1.ru/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Mon, 19 Feb 2024 03:16:04 GMT\r\ncontent-type: application/font-woff2\r\ncontent-length: 27960\r\nlast-modified: Thu, 25 Jan 2024 11:28:58 GMT\r\netag: \"65b245fa-6d38\"\r\nexpires: Tue, 18 Feb 2025 03:16:04 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27960,"size_decoded":27960,"mime_type":"application/font-woff2","magic":"Web Open Font Format (Version 2), TrueType, length 27960, version 1.0","md5":"932a2a096029e92b3fbba8ca5157dfa0","sha1":"bc021efd305dd966291e9db562299f83f86f87bd","sha256":"30ca7f65e4d4cf882eeb5d1e5a512ed6534b05b0c34ee20a7e8b173a860e98b8","sha512":"909029f9dfbfd73afae50f8404f8cca1e06d3a9344416c23ab3aa936089a9889175c5a538aba12664bcca2fbdb4393dffb8203c692ba69f6322cc65c7f79db72","ssdeep":"","tlshash":"","first_seen":"2023-07-21T17:50:57Z","last_seen":"2026-06-01T09:07:33.624777Z","times_seen":116,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn99971.tw1.ru/fonts/Gilroy-Bold.woff2","fqdn":"cn99971.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"92.53.123.166","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cn99971.tw1.ru/?id=17227864","date":"2024-02-19T03:16:04.728Z","timestamp":1708312564728,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 11 Jan 2024 13:25:41 GMT","end":"Tue, 11 Feb 2025 13:25:40 GMT"},"fingerprint":{"sha1":"F8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51","sha256":"CF:71:51:38:95:36:72:08:B3:AF:D7:03:80:D6:EC:BF:06:4F:5A:77:8A:EA:34:58:DC:CD:89:5A:5D:92:76:91"}}},"request":{"raw":"GET /fonts/Gilroy-Bold.woff2 HTTP/1.1\r\nHost: cn99971.tw1.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn99971.tw1.ru/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Mon, 19 Feb 2024 03:16:04 GMT\r\ncontent-type: application/font-woff2\r\ncontent-length: 27636\r\nlast-modified: Thu, 25 Jan 2024 11:29:00 GMT\r\netag: \"65b245fc-6bf4\"\r\nexpires: Tue, 18 Feb 2025 03:16:04 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27636,"size_decoded":27636,"mime_type":"application/font-woff2","magic":"Web Open Font Format (Version 2), TrueType, length 27636, version 1.0","md5":"159ae5644b55bc516bbf570aefbb12ed","sha1":"4b1b0a26715138e38b02add4734c321266637620","sha256":"d4ec55d8c9f61e980d5919361654510b72258657f50fd5039cd18f01d57ee151","sha512":"d57a25dc6eec82f2ce3006417b8f63daa4a1a73a3385a3b7a3a52235e73d73cdbd6530ff1c0a875a7033ae73cc579ff730ee6c0f41a58686b85ea233f30449d8","ssdeep":"","tlshash":"","first_seen":"2023-12-08T21:09:08Z","last_seen":"2026-06-01T09:07:33.647336Z","times_seen":110,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn99971.tw1.ru/?id=17227864","fqdn":"cn99971.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"92.53.123.166","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-02-19T03:16:04.159Z","timestamp":1708312564159,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 11 Jan 2024 13:25:41 GMT","end":"Tue, 11 Feb 2025 13:25:40 GMT"},"fingerprint":{"sha1":"F8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51","sha256":"CF:71:51:38:95:36:72:08:B3:AF:D7:03:80:D6:EC:BF:06:4F:5A:77:8A:EA:34:58:DC:CD:89:5A:5D:92:76:91"}}},"request":{"raw":"GET /?id=17227864 HTTP/1.1\r\nHost: cn99971.tw1.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Mon, 19 Feb 2024 03:16:04 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14684,"size_decoded":14684,"mime_type":"text/html; charset=UTF-8","magic":"gzip compressed data, from Unix","md5":"2e054ae68faeb8f7aeabb1fedc3c6a16","sha1":"770fa386702637202e1e102ee04af0bad1ba9fdd","sha256":"3671ed025796ee0c16b2fbd0fd4041ea9cf9edde8a255b85ce5ef3a5a026f92f","sha512":"a3f201a9dd1d99e3879c843975075a21033b77d2689a14cc2ad86877776febfae3daea94dabfc1dced4191b83f46a762f81ba290b819b2bd372ad8eaedf7014e","ssdeep":"384:IL4ExeMEDWG2TZsJC5gkPS6YvFgXQKYzUOqweMdv506Bxr2L2tet:iJEDWGKsJuhq6sqPYnBf/BxE6A","tlshash":"8562e098d6c03020c2ec6bb2bc9e8353932256dc6e49c94ef8100be1ad9b114ea9f25d","first_seen":"2024-08-20T09:26:04.875449Z","last_seen":"2024-08-20T09:26:04.875449Z","times_seen":1,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":71,"dns":2,"connect":41,"send":0,"wait":87,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2024-02-12","alert":"Generic/Spear Phishing","trigger":"cn99971.tw1.ru/?id=17227864","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cn99971.tw1.ru/favicon.ico","fqdn":"cn99971.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"92.53.123.166","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn99971.tw1.ru/?id=17227864","date":"2024-02-19T03:16:04.719Z","timestamp":1708312564719,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 11 Jan 2024 13:25:41 GMT","end":"Tue, 11 Feb 2025 13:25:40 GMT"},"fingerprint":{"sha1":"F8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51","sha256":"CF:71:51:38:95:36:72:08:B3:AF:D7:03:80:D6:EC:BF:06:4F:5A:77:8A:EA:34:58:DC:CD:89:5A:5D:92:76:91"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cn99971.tw1.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn99971.tw1.ru/?id=17227864\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx/1.24.0\r\ndate: Mon, 19 Feb 2024 03:16:06 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-length: 196\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":196,"size_decoded":196,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-06-06T01:05:57.816699Z","times_seen":103984,"resource_available":true,"data":null}},"time_used":2048,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2047,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn99971.tw1.ru/style.css","fqdn":"cn99971.tw1.ru","domain":"tw1.ru","tld":"ru"},"ip":{"addr":"92.53.123.166","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn99971.tw1.ru/?id=17227864","date":"2024-02-19T03:16:04.672Z","timestamp":1708312564672,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tw1.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 11 Jan 2024 13:25:41 GMT","end":"Tue, 11 Feb 2025 13:25:40 GMT"},"fingerprint":{"sha1":"F8:4F:0D:CA:E7:A6:0A:6D:24:20:EA:9A:4A:5A:FD:93:21:2F:88:51","sha256":"CF:71:51:38:95:36:72:08:B3:AF:D7:03:80:D6:EC:BF:06:4F:5A:77:8A:EA:34:58:DC:CD:89:5A:5D:92:76:91"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: cn99971.tw1.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn99971.tw1.ru/?id=17227864\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Mon, 19 Feb 2024 03:16:04 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 02 Feb 2024 22:40:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65bd6f74-966\"\r\nexpires: Tue, 18 Feb 2025 03:16:04 GMT\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2406,"size_decoded":2406,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (2488), with no line terminators","md5":"9acc545f41131cbb66a23daf6fb0220b","sha1":"64088cb6a5261ec0afe4c06162aaf5110cc67670","sha256":"91fc4c2493cc1319c6b93a042b26a20188d1591405a7829e7ed01b0aabbae507","sha512":"88cf5abf6587df5235798de6a67bcf12e05e5f9c685dd8766bc93f91280b00600a68dba92e6e4ae1f26fcf479b9aec09f96045472bc33259681d91d49691162b","ssdeep":"","tlshash":"80517a148c0f3176bd062c2d76a6e742168f34ab5086467b7bcc756cdbea45c835572c","first_seen":"2024-08-20T09:26:04.87712Z","last_seen":"2024-08-20T09:26:04.87712Z","times_seen":1,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}