{"report_id":"b42b226c-0dfa-4795-9cad-9acee318aae3","version":6,"status":"done","tags":[],"date":"2025-12-23T08:51:45Z","url":{"schema":"http","addr":"Oedy9.com","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"45.147.200.225","port":0,"asn":51659,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"title":"502 Bad Gateway","dom":{"size":428,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"160aa8f5d10f2fe3968d1e003ba193b8","sha1":"c7d31c37928e72e62542ab79d7512c83bcfc8b6e","sha256":"02366355a06259959bf40013ef5c75ed7a627876b8bb53cc0970b6fb719baa20","sha512":"335e9dfa8c939f05b6202bab1fb46ffbe0647b0ddd908e76782d7d07a8c691e825cf360f263c5bf7e3e63b2bd5f364bda92cd218bdbcb2dc594f9bd501d17f74","ssdeep":"","tlshash":"1de0236762103094f2e3c23842427350471078c2d34c94000acaeafe9fdab24dc8f2d1","dom_hash":"domhashdc803a8da2b8c3ed6ce0e138d5febc53","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"Oedy9.com","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"45.147.200.225","port":0,"asn":51659,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-27T08:51:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"oedy9.com","ip":{"addr":"38.225.209.250","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"domain_registered":"2023-10-27","domain_rank":150266,"first_seen":"2023-10-27T10:41:23Z","last_seen":"2025-12-17T23:26:08.817115Z","alert_count":4,"request_count":4,"received_data":6150,"sent_data":1803,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"38.225.209.250","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T08:51:24.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 502 Bad Gateway\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 446\r\ndate: Tue, 23 Dec 2025 08:51:24 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"502","status_text":"Bad Gateway","fingerprints":null,"data":{"size":446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"6b19bf701edb8f6e5c750878cd23c70e","sha1":"081990ae2a79feaf8902aeb7d6bbdc8279667572","sha256":"ab6c1796e96d1844b85547e7f8660536ba51d87ad5accb3c04e724dacc984a14","sha512":"e4fdf80efaa2a97de4c919c5bb66949da40b3a370d23abed2734609879052b23d5661e7f4e9e0c948a5532a076f3ad7bf22b2f8f4364d7b49cc5c846e5a9cc29","ssdeep":"","tlshash":"05f0d46622103050b1d3823856417350471035c2d24d544015cbeebf9fd9b14dc8f2d1","first_seen":"2025-12-23T08:51:46.545605Z","last_seen":"2025-12-23T08:51:46.545605Z","times_seen":1,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":128,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/favicon.ico","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"38.225.209.250","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://oedy9.com/","date":"2025-12-23T08:51:25.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Tue, 23 Dec 2025 08:51:25 GMT\r\netag: \"6933481e-fc4\"\r\nlast-modified: Fri, 05 Dec 2025 21:01:18 GMT\r\nserver: nginx\r\nset-cookie: server_name_session=8e24b569a590272a9b4329bb58acd27e; Max-Age=86400; httponly; path=/\r\ncontent-length: 4036\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4036,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"8e59ad0a9aefea690d92ffc6266516c6","sha1":"f82e7a5e38ad362b54a94522fd99963bc1515d27","sha256":"fa3958fb852fab1c92b41cbb3a1ad0c4487ee1cd1ef4712e6817fab8b8fde0eb","sha512":"3b4c28339115ca408dd153651ca8a2447b50788ff8499e51986f4062a8124e3145ef0d0ee9dbc36515be338d7cd0a21e1d6eb9725e9905454911af9c6d8827e0","ssdeep":"","tlshash":"a8817e69280b2a67e7f9a51b07360117ddf1a0ad62d7a88dc909c037bdee2b73086414","first_seen":"2025-12-05T22:31:48.407286Z","last_seen":"2026-02-14T16:06:52.824936Z","times_seen":254,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"38.225.209.250","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T08:51:23.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 502 Bad Gateway\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 446\r\ndate: Tue, 23 Dec 2025 08:51:24 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"502","status_text":"Bad Gateway","fingerprints":null,"data":{"size":446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"d2e24113264f07f0d3120ae05193b198","sha1":"ca54515c7f06de6dc10d61a824b13af151b041fe","sha256":"4cbfe145ea381abdecb9f175354ecf9cde033f42af56466f2f30c2de5579681a","sha512":"cd8799f229147bb1bc79b811c9603643131843f76ecb2c6fd22dd0565feccd206c897ffe108e6d14490c4c2f550cdf8d7167069e2f1c82649c6359d27d6adbb4","ssdeep":"","tlshash":"bbf0dc7a22103090b2e382385782735047102ac2e24d944059dbeebfafd9b28dc8f2d2","first_seen":"2025-12-23T08:51:46.547114Z","last_seen":"2025-12-23T08:51:46.547114Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1402,"timings":{"blocked":656,"dns":590,"connect":28,"send":0,"wait":90,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"38.225.209.250","port":80,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T08:51:24.767Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nContent-Type: text/html; charset=utf-8\r\nLocation: https://oedy9.com/\r\nDate: Tue, 23 Dec 2025 08:51:24 GMT\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":20,"dns":1,"connect":29,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}