{"report_id":"c13ce4f7-8968-4ce7-84b3-2c49620e8390","version":6,"status":"done","tags":[],"date":"2026-02-25T18:07:45Z","url":{"schema":"http","addr":"openfinancelab.org","fqdn":"openfinancelab.org","domain":"openfinancelab.org","tld":"org"},"ip":{"addr":"185.21.14.111","port":0,"asn":0,"as":"","country":"United Arab Emirates","country_code":"AE"},"final":{"url":{"schema":"https","addr":"openfinancelab.org/","fqdn":"openfinancelab.org","domain":"openfinancelab.org","tld":"org"},"title":"Европа • Светлый режим","dom":{"size":6721,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"3cf9434b602c0fab25efb5de3356b3d6","sha1":"fb75c896096941bbe216a418201d942d6565b0b0","sha256":"8b9accb2fd9a6cf0ff1b6d5016ecb72f6a5d87afc32e09f508a4ba7c0acf2859","sha512":"0ed3962ba7dd13a5b8dcbba4bcd2afea7cf762dfa7dc81f80a750f4d9a010ed052b794ad36678e4aa7809083835681df897557de402d4f78ad4f76d470e80059","ssdeep":"192:35h6qK4ierr7QcZm7uHxYMWt9pOtMNoiuhy7hyDGimeX:35h6qKpi/6yMrHoiuhy7hyKimu","tlshash":"7ed1c930e28210397073c1ca6c92e79e32b09433e51b9318bf5c29564fd99deda7261b","dom_hash":"domhash5971e374f641b61f08e4239edea86f96","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"openfinancelab.org","fqdn":"openfinancelab.org","domain":"openfinancelab.org","tld":"org"},"ip":{"addr":"185.21.14.111","port":0,"asn":0,"as":"","country":"United Arab Emirates","country_code":"AE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-01T18:07:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"openfinancelab.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"openfinancelab.org","ip":{"addr":"185.21.14.111","port":443,"asn":0,"as":"","country":"United Arab Emirates","country_code":"AE"},"domain_registered":"2026-02-16","domain_rank":0,"first_seen":"2026-02-25T01:54:43.602992Z","last_seen":"2026-02-25T01:54:43.602992Z","alert_count":2,"request_count":2,"received_data":7261,"sent_data":930,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"openfinancelab.org/","fqdn":"openfinancelab.org","domain":"openfinancelab.org","tld":"org"},"ip":{"addr":"185.21.14.111","port":443,"asn":0,"as":"","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":true,"md5":"c4911ed679bb00aeac51b25697d9eee4","sha1":"6a17b8e027b651ed82c336fbbf22b653d03c54c8","sha256":"a4984e19e42c4e6d75a9c1656f8715e0a4bbd93bae458342b439245cdce31d2e","sha512":"de20575c1c2f292bcec2e35eff5dc817aa10c9b36a00cc71297bcc229ff82f9614fd1f7bf240a40893292e754a55c116851a56fd412d31a7ca8b1d3614947a0e","ssdeep":"","tlshash":"23b012951001cec1165010a03a418f31147812558b41669014069481207054e4e85dc4","size":92,"data":"","first_seen":"2026-02-25T01:49:52.587601Z","last_seen":"2026-03-18T11:27:42.617032Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openfinancelab.org/","fqdn":"openfinancelab.org","domain":"openfinancelab.org","tld":"org"},"ip":{"addr":"185.21.14.111","port":443,"asn":0,"as":"","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":true,"md5":"e11ef30c829424ef9958a9b7dbb67d7b","sha1":"2559f37af82c6fa0a3eac797bd0841800ea36dd8","sha256":"9499669af6235dfd02c13dcf023cf73604ef91932a50808f7735aa91b2a8eaea","sha512":"6fef2cae946ac52a33917dfedaab78bdc1183cf448f93ad11292cb5a1f326d852113e5d6edffb04a9ae828b0fb76d7e1bf124d9083411a4e4eaf0f029388e5a6","ssdeep":"","tlshash":"78f02b73f39a0678839f52ff2c9667a534b440063205c35a992c10216cd8f9fb4bbacb","size":546,"data":"","first_seen":"2026-02-25T01:49:52.588744Z","last_seen":"2026-02-25T18:07:46.162127Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openfinancelab.org/","fqdn":"openfinancelab.org","domain":"openfinancelab.org","tld":"org"},"ip":{"addr":"185.21.14.111","port":443,"asn":0,"as":"","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":true,"md5":"1225d2b9f6f51c039fe1df1a8cd39a09","sha1":"1bc7905114c16db013536caf03a3dc483d0c5201","sha256":"d1923fbc8ea43b42702f8f674d93c101900db466c3998d1eb73cb9e790fc20da","sha512":"419e0273fc3eb6a574f4026a63211ba6b3668583afaa0d63405b75c402816aac9a3130e621bed663acfd650a5d0bf66f451e013f837a0b0d635cfae900cf3535","ssdeep":"","tlshash":"bb11ab1e01234bf610f36098db87b3a079f201933149c6083d1e8144af8ce5db7b1aaa","size":907,"data":"","first_seen":"2026-02-25T01:49:52.589866Z","last_seen":"2026-02-25T18:07:46.163214Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"1064e130e086f20600333117018d8238","sha1":"dd95944828443acd9e02c1fa9d9aa2f436302900","sha256":"494a24abaf3fc7264bba23025e7868b20abb3f56ae345f71c0fbb10cac8306dd","sha512":"bc4ea1f5f3703483103f52979b9f14b50c526eee27e521406fda3d2fe6a42fdc1cf2e763d70b99fa9b3905430557bbbb805438acef42599c785b089a31c37837","ssdeep":"","tlshash":"01800080a280320b2a200c82c8a0238a02800c28a2ce8030bc080a3202c0003aa88020","size":27,"data":"","first_seen":"2026-02-25T01:54:47.462587Z","last_seen":"2026-02-25T18:07:46.164649Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"openfinancelab.org/","fqdn":"openfinancelab.org","domain":"openfinancelab.org","tld":"org"},"ip":{"addr":"185.21.14.111","port":443,"asn":0,"as":"","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-25T18:07:23.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openfinancelab.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Feb 2026 07:14:49 GMT","end":"Mon, 18 May 2026 07:14:48 GMT"},"fingerprint":{"sha1":"65:8D:17:47:12:44:61:09:F9:48:49:CD:30:52:3C:4F:8F:19:28:69","sha256":"9D:A9:EC:52:4D:63:6F:95:A1:96:E3:48:A9:25:BA:F6:C6:22:CC:EC:82:DC:1E:4F:2C:46:F2:71:3C:94:5E:88"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: openfinancelab.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 25 Feb 2026 18:07:23 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 16 Feb 2026 08:32:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6992d603-1a28\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6696,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"30b0c91bba3613d55678a0d90b5e40ea","sha1":"199bf1f6be4c169b0f644dd612c3cc023b77e1e4","sha256":"7cff02c1edf189c946f63e9ff79969583fce13929c3d8a7bd947b8c6e665a427","sha512":"b2f8616c52572304de165c7ef44d5a89adb5cfaad15885ba0a37cef8903daea36708b3ca8849e14aa0a107a44d191721f2ea867bd70051d03d8deb8ba74e6f1b","ssdeep":"192:Y5hX4ierr7QcZm7uHxYMWt9pOt8zoiuhy7hyDGimeb:Y5hXpi/6yMr9oiuhy7hyKimG","tlshash":"96d1b930e28210397073c1ca7c92e79e31b18423e51b9318bf5c25568fd99deda7661b","first_seen":"2026-02-25T01:54:47.452301Z","last_seen":"2026-02-25T18:07:46.156767Z","times_seen":2,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":57,"dns":6,"connect":22,"send":0,"wait":22,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"openfinancelab.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openfinancelab.org/favicon.ico","fqdn":"openfinancelab.org","domain":"openfinancelab.org","tld":"org"},"ip":{"addr":"185.21.14.111","port":443,"asn":0,"as":"","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://openfinancelab.org/","date":"2026-02-25T18:07:23.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openfinancelab.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Feb 2026 07:14:49 GMT","end":"Mon, 18 May 2026 07:14:48 GMT"},"fingerprint":{"sha1":"65:8D:17:47:12:44:61:09:F9:48:49:CD:30:52:3C:4F:8F:19:28:69","sha256":"9D:A9:EC:52:4D:63:6F:95:A1:96:E3:48:A9:25:BA:F6:C6:22:CC:EC:82:DC:1E:4F:2C:46:F2:71:3C:94:5E:88"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: openfinancelab.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openfinancelab.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 25 Feb 2026 18:07:23 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-06-08T19:36:24.63917Z","times_seen":524195,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"openfinancelab.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}