{"report_id":"e1d94fbd-db05-49cf-af8d-690edb1063db","version":6,"status":"done","tags":[],"date":"2025-02-12T19:34:59Z","url":{"schema":"http","addr":"91.198.77.215/bins/sora.arm7","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":0,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"91.198.77.215/account/sign-in?redirect_url=%2Fharbor%2Fprojects","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"title":"Harbor"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-04-23T19:34:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"91.198.77.215","ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2022-07-08T07:51:08Z","last_seen":"2023-11-14T09:46:06Z","alert_count":66,"request_count":62,"received_data":1583786,"sent_data":29977,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-02-12T19:34:24Z","timestamp":1739388864,"ip_dst":{"addr":"91.198.77.215","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.23","port":59412,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO ARM7 File Download Request from IP Address","source":"{\"timestamp\":\"2025-02-12T19:34:24.680394+0000\",\"flow_id\":669198716004412,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":59412,\"dest_ip\":\"91.198.77.215\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025125,\"rev\":3,\"signature\":\"ET INFO ARM7 File Download Request from IP Address\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"IoT\"],\"created_at\":[\"2017_12_05\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"91.198.77.215\",\"url\":\"/bins/sora.arm7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"https://91.198.77.215:443/bins/sora.arm7\",\"length\":171},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":684,\"bytes_toclient\":593,\"start\":\"2025-02-12T19:34:24.616508+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-02-12T19:34:24Z","timestamp":1739388864,"ip_dst":{"addr":"91.198.77.215","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.23","port":59412,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious GET Request for .arm file File","source":"{\"timestamp\":\"2025-02-12T19:34:24.680394+0000\",\"flow_id\":669198716004412,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":59412,\"dest_ip\":\"91.198.77.215\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038656,\"rev\":1,\"signature\":\"ET HUNTING Suspicious GET Request for .arm file File\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2022_08_29\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"http\":{\"hostname\":\"91.198.77.215\",\"url\":\"/bins/sora.arm7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"https://91.198.77.215:443/bins/sora.arm7\",\"length\":171},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":684,\"bytes_toclient\":593,\"start\":\"2025-02-12T19:34:24.616508+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"91.198.77.215/9254.bc0660424c8609e3.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"22ef2271b2539423419e55834b9a7e85","sha1":"e7678f1aadb208be8aa0f1a7485bc365093fe2c8","sha256":"6c1e0442f8eaf992d82951b973ed4be3b98f046846d32d9fc70ee411f7541c9d","sha512":"d6582ff2debab6178fcf7cf896fde5752b85bf390c6448afc802628985ff9952c7fc8f10d8c384700a3d81caafa91b881fd35098ae9fc15b1ba2bcf7e388ea4a","ssdeep":"384:g3X1SaiEZ3wXorj0jV53NSXS6c3OXE8tIm+tyYsftdeitnyIot5YLtFSP7TCIhWi:qka5xwXorj0jVXSXTc+XG","tlshash":"d862b7d3865274d723b250b0ba5a0b1352cd8c922a0d0948f1f84ed977bde46b367b3d","size":14796,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.872191Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3703.f332dcfd9addbbee.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"1518bb33786c0d90968806d02a0bd8ba","sha1":"5dc36ccec2da9095987c71f9494c5991a91c0877","sha256":"6de2b1b94bb3feb644fe56714b282e6572a533688161e70ff8eeb7cdd5828c6b","sha512":"afaeffed010615a1df45c1cfce7a95bad1cc2f8dfce393e95bb0264b9a765e30d217e0dfb557cfabb7df614e23819b1d7d8f222c87438d7e0af9eeace088ca7f","ssdeep":"192:i2LvL+mLZLOd7JBhVTcnjHHtv8XfM4qakTs3SxjU+Ql:i2Dqm1s1T9uY3SxjUF","tlshash":"a922ea425a50b0eda39390e1f2b64a0b622d5d83950e4278f2dc8dd8f79dd8db36633c","size":10473,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.876579Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/2012.bbaa4fd7ed564a81.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"44b8c1d76cefb577cbdf8433fe4fe409","sha1":"964b75a3fcb2f92fb72a9c1fde29bf77f0432ef9","sha256":"7b226e5fd7d4d1b2ea56d7e0db36281472c2bce4158bff9ded8d74fa5acfff10","sha512":"9703869507360f6fecf9e8ff7a588abf11bec2fe1fb415d706eb4cf0639fe421ee1b2ba6914870c55d16348d7866b9d6a6d7c31d23633f2b30892f8688bff387","ssdeep":"384:duoPsbUcv5HjDIfx0MvhglbljBVVqj5vJDZ0V++e:PkS0agZljBjqlVZ5","tlshash":"e3520a9aaa50a1ed43e390a2b5e3250b617c4d42a50d412cf2dcdddcf9a8d8db3a653c","size":14424,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.896419Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7898.4c1912c2d089c576.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"643c7d3abc6c5045aa2c0fea2d43fb49","sha1":"a00f776756d16802856c7d31e97e6c05ba2c39a2","sha256":"af491fd4800734a2b40b03c09b2de6e31ff6314da6eb14118417b1026d302744","sha512":"35f13faabac6ae4c74a8aecaab5f5d20101ba4f6c5ace96cffbdcf36a496ecfe81be41fcb0e8327cc8ecc3698add7f261dcfab605d19c34f67d33d4e09d4f68c","ssdeep":"","tlshash":"8b41009fe615e0b591eddd0736ba0cb880761404705978bcbbbcccb69242cd8689973e","size":1989,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.899723Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1208.b62243d4660fccc1.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"e68efce5926c0f5f39edff02c1a697c2","sha1":"031f1f8bc051a8355a42374e3c12f06cf0077eeb","sha256":"9d3f0ffd32327fdc8d265c9ed3fa16905bd6fab0097fccabf11f39d2b64e5141","sha512":"88c0db464b0bebfa93c5a39e9601f05fa4c15866efd043d906baba63866e6c164af35596b17b2ec87e9717142505d4bc41ba5b160d0ae68904cdd7cc2c41791f","ssdeep":"","tlshash":"452184ffa140b5df27ea4dd09c3b2c9f78047825a70b01ad928c9d39c2a0d5d0ce2758","size":1161,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.869411Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/668.80599201d988aba3.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"626572adb0c84c1dbe99c1596217f35f","sha1":"128ba19a82b635c71a67904bd26094217566d2ec","sha256":"71873532996fc6587761b44ab7ac84f73b238cbdd8070859f87b259d160b4c85","sha512":"3e61f0babb8cb8e288b198edabb10556f303466f674fbbfea018e57c07a5fe2400f7a79c5f1e1884c8f189f431649608bc8dee65cc076465544dc391c1c98e8e","ssdeep":"384:F0BBDwH/2fDPlhC50hKQ8P6C+vsRj+V2GOZdjA2RtDEYq:aBFwf2fzlk51QQ6Bvst+2RtDEb","tlshash":"d892e6879761a0d563e34195d3ae4a43160c4e04762f9ab8f6ec4cddb74c46cb3aba3c","size":20713,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.888916Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5674.9412b35ec95e709c.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa9bdbc76c570b950e143da04282236a","sha1":"b6703d72e20a32e9bfa6a59ee7223d66ad7b6ea5","sha256":"48e7a9dd20799f926e0b7592b361878def09aac3b64a2a7d225c52506fc5f042","sha512":"2def794b9c7049b49a741b1464893ea993e84b01744b8dfaabe44545a9269fba333f4ba83d68f476a3488993bb9800d0dcf03af9bb831cb39db89c9b8bf6eee7","ssdeep":"768:gxhxRWAgXsaNqgFSdEClJxyf2ua2Z8HZsb:gxhxRe4gFSd5lWWZq","tlshash":"fcd20bf26a94983966ed4871e0523906922c5546a62f835cb77d6d8cafccf8f930337c","size":28409,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.892132Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/4539.615219b3de3cc9b6.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"c21094a951e0f6200177b6003855e307","sha1":"d659ff729714b645221b20a821ba419497a6ded9","sha256":"c7e1344c201e9b088d48d0c137da4e61d87077a97a735bb5ec736a52acc7e0e8","sha512":"e7c001a25eb9b5c64214a31dd779acd77ee4b006d1d18d975d195d60d2ef26539b8bee8ad48a90137149f021cc23e27d786b587956e46a59a4db621069a98cd9","ssdeep":"1536:Ah4ANVC6s9QAarzzyalLh/CCA52JYpeisVmf:AXDAarzzyc/1AUJbmf","tlshash":"0e73da63965081fc63d79461b3b62a03923d9c5da20e8158f2dc8dd8f78da8de397339","size":78313,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.904847Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3106.8d7e44553705ff4e.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"237e59e79c95fb1fd3de3aa400176f1c","sha1":"acdc89977d923ef9a469e366564b1c94d5088e64","sha256":"3e98b22232fef315246c9c42ce9a964a5397d0c8859c2f398feac9970129e392","sha512":"1858cef652c376884bb34d43ff9d68300edc46c34dd7191f523d439dcc6b60bd759a388e981a9b063c9fe2f87c75badc10cec8158468d64c519292835136d57a","ssdeep":"","tlshash":"674174656362a90d6a7f98d512641aab1c1cb11351270198f34deef8d381ffdd3a02b9","size":2029,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.866314Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1690.da755c589995c1df.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"3368e1c71adddaadc9e6e59f78e0bf73","sha1":"dae0c476e648fb76d326ad3510c0042d65a7103b","sha256":"dab0d40311a6e12b56eebdb29f54e4a9917207486d4d2b5e70a94e566449b3c2","sha512":"9fd193453f73f4e25acce9d48c64806e78f3936fd7939ce49427f22713539a795f1143e9be62d28bdfb82fc7eced2086ef9b30d3912fee4fb3a72dc14cec0966","ssdeep":"192:rqLJL9LnLxwLQfB29wLQ3B2lwLQLlB2OwLQODB2MwLQMlB2SLJL9LnLxwLQLbB23:Wdxz9wMo9wMwlwMGOwMfMwMFSdxz9wMK","tlshash":"0ff1109bfb74f6a0bfcc4046a8420e5af303a68e71bc547cf595ce7aa0945446502bfb","size":7675,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.88412Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7512.5ee6ccf7f05214a7.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"30d448baeb580cbe37a92df38d183bb9","sha1":"f61f83891cf9abf6f4cf53667e1edd7d6d56b24d","sha256":"cf9ef464361507d2946cbb7d65afc9b5f6290cd06beb46cf4569f0458715d618","sha512":"74c955dad0ca0cf5382e32f9a9cce7fae07e6812115f32ef918f52f6dfe9df1503f5dd2f3fb64a5fba563af33ffb4e2859320ab983c335639cf70c9c786f72fe","ssdeep":"768:CwQjj0D8/8qSyFPk5XIg/HSxdprgk0F1ArrWd8RUNvd5zEoAnYnpn6n2nLn+bW7x:HJolblM","tlshash":"54e2f962e94544e823e394d1a6662d02b19d4c96961d103cf2ec8cea76cddccb37bb3d","size":33215,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.897535Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1860.ec060c5f09a57b61.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ddf9bf6483738c674928297bc8b3939","sha1":"048f596005a093e3c74d13e4a8f60250716dbdaf","sha256":"a35731877d87769c275c16b6acf862b605e081bd986c97f13423820ff32a04b8","sha512":"f9cc8b66639191cf6392be33419da92bdc25cbc3c74b4c71c3d9f4fd2ad38d4c7d1e566f2fd727016bf62c2c747e40d08cfe1709d386e2537e8d8b01b1e7d518","ssdeep":"768:j4JMxzsCdXytQbccJR8PGuIqIGUeizdqYg9iQHzuw0Js:2+6Q/s","tlshash":"d853d703ba65a0f413bb9462e76d0e03c22d4d97291d9425f39c8ed57f9c85c33ab639","size":65756,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.900456Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5266.4390c8c32227cbd7.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"12e15248f6bc2e3ff3f73e99f4adb8ac","sha1":"9ac0d9c0f1e19ba9bd6cd232232d262403796ca6","sha256":"6d6b87f39cffe23c4471f33c13d698bdd40b58d92161e93b339c5a76d9c79e2f","sha512":"e509913bbf365709b06e1f8abe4521bf1a390a994e40d44583681d83ce10d22021d611193a3368ae2006cc8e5491e8b8718baa7d5e985c191103ba8a480dd04c","ssdeep":"192:rZLgLxLFL1L/LJLHLt4l7FLt437b0Lt4J7rwLED7LwLEI7QwLEm7JwLEj7fwLEs4:N8lxZ79rp4Xp4Ep4lwAzwAXwAgwAnwAJ","tlshash":"c9f1de8fbdb0f6e07fd40041ac534e12f302518ea2bc817dfaa5e967a1a49553d12b6f","size":7693,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.877492Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/9716.733ac7a5977b1b7a.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"818f173645d216d33c08fb39fa936da6","sha1":"89d1e285f5ce3a0919b47f482285a63c1b84b6a3","sha256":"e97b31ff4357764d54ef04a0441b929d5c3b037ce64aa4f74a864b1fad34de9e","sha512":"7314e82584dee5c3dd48eacfc0b67ed8ab1dea8f4ddfae7585d4b6e964b2e7d88c7accfd55de0502556f4b45ba87ec63726c68c99956a924cd4f6ae5328cba6c","ssdeep":"768:tLjNF4ieH4wX9jNF404j4bis4DLjN9F4I4j4d4F4A4CLjN9F4u4D484r4bSowjNB:tLjNKieYwX9jNK38bivDLjN9Kz8iKrCz","tlshash":"a6c210df7aa0f1e03fc6059a9c478e11e20a098d378c807df4945e77585c989ba93bbd","size":27585,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.886056Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/4768.6a433690d3d9ac30.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9fe3e6042ecc770a8a5c917e886b115","sha1":"866e4632d0ed54e7a673b61d55b9f1d4af316a3d","sha256":"917eeec5d99c42ae37e57d7a6fa3bdb2dc83e1de82368313e87af49800a01315","sha512":"5a1a0a82e637ffdf6aeac7832505db9da8637ba9f4529864c8bd63566474668275693b1c5190087837e99386c52627f59ac00da94026e90009b02aae1c6ab860","ssdeep":"768:reNeM4mq5i1aGHAvbKZPL4goEQtBAggU7wZpf9eGs1K0qmuCBM:uZBZPL4goFOCy+y","tlshash":"07b2d961af50f3e953e6403286618e11f369d46465291229fb88cc887fdcf9a136b73f","size":25145,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.902262Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/6669.c716898f41a0b1b1.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"c98a5e6524363258b5bea338b8d7cdc6","sha1":"039075f71feec1110c079437cc65d8713f093fc2","sha256":"7cc2a9b5a800f3494195cdce07729845fd16a0481aec9d05907aac034bf181e4","sha512":"6f6a8ecb3e33e75f0d6bbb977d251bbee2897e71d292a261555ccf5becd1fce38635f730b2111cf10f191c5f5aebaf440b0d80a6562d720c5ac41017ffa30a44","ssdeep":"768:+YljPNtzNtSg8uvQXmZfAAVyd1Lt2qLcji2FT99n6Svw1mvsJlSgMRsyf:+kjPNtfSgktX6i2Fsuf","tlshash":"d943f74aaa20d0e9a3e6506576661e03f25e4c49361e802cf2eccdcdb69c98d736773d","size":55740,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.879045Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/298.9c2754b411668822.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7e6552d5b0b2c0536049273818da36f","sha1":"e328f4c8e75dff8e4e29edeb7b850b57b88c0cbd","sha256":"c4278cc474afa8057079885f4f0a504507fd14002a3ac2d41749584c93f82080","sha512":"61d02873db20373b4de8c36d8ac45d5f344a2a24e56a51c4f3cdcc8f1f4ffff40d9751d435a05987e01a7be4d5f66e673a813cd3c74a1c6aadcf6ca2b2c24a86","ssdeep":"192:l32sDyPb2sSL3LiCLBL5M2shw32s072srY2sMC2sNs2swL3LiCLBL5a2sLS2scnW:MHCnLGCNFlqnxiI5L3WFzLGCNFfmnf25","tlshash":"9232dbeb7b70f1e4bfcd1191a9123e02f30bd84eb3a89139b4445d2b704494a9952bef","size":10966,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.882805Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7029.587d23f858ed84af.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"e983689fac5dfbe5d9121d0abf844f8c","sha1":"860273d5e92831197006b202b869443d0c709bec","sha256":"78044160d98e953e7587aa42a747c18cd2826110a7a015ed26b38e2261800401","sha512":"ca7ffca6b4e7869059db20ac1cb6e6e5c6181762a3a92cfa7b0842afcc9387473d57fedad486b27e8cf732db9f8c22a63e6c3b608005690743ca35f1b3a083df","ssdeep":"384:5T5vJqT5vJSaBZjLH6C8p6DLMmYwYSUCYrMUzvJa7j5r/Dwx2zeb:5T5JqT5JSg1bxUsLZYwYSUCYrMUrKj5K","tlshash":"a56260c3ce60d0e4bbd7824267724d82970c4d46125f927bb9eb5c69329c94ab3a373d","size":15920,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.898275Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/187.fdfb40bcfbe38d0e.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"43d17eb4faa77d674622187dc6ddec89","sha1":"0c5b3225b03110098ab04b0401e1be8df43f6731","sha256":"4192a4ddec2939a99166ba30dadf75c13bf62bca3fffe307a63e2b83ff6dee1f","sha512":"c34cc477f556c4e816e5109e00e997bde19f6eb78024ce3025d28d13727031309a1253d2e46643db42219a102a019a1e27566e07552b2441e9dff14114cca89e","ssdeep":"192:u9MD1u+Nen74e9MOjkPxZY6aVx5+rCzxsF/jL+v+NVYBN4mUJYPJFo/J:u9wu+Nen74e9L4PxZY6aVh+kvagN06ox","tlshash":"504297218e21c03592b714eaf7a60e41a57d344a615a0478f38c8e9937edddf33af729","size":12622,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.904076Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1812.f82df707c8692ea7.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"fafa9ae3f9baddab1d62e451a11bcb4b","sha1":"75fa0b36f927ff0831b341a826e40895c4a1a98e","sha256":"a89dbaf100b4140579a58bd50ea26a118e039245c57fb13f842389093b0dc8fb","sha512":"ee9f284f47c58e8a8173215f5a4bbde6e2a1f3acbfbe2e95076d688ae861656a3fd87bf0b499f3a72dbbc79bb7fd8a68d833b9156570a3c692f0fae754f7678a","ssdeep":"384:j5W7cbWGBGzqaeLeiebBjz5DOGPdl6V5hz0RQEb:FW70WYaEh+Bj1O5teQEb","tlshash":"cf7218d3aa55a42953f3489aeb130605992d00d0969f0a6cf76c0ce527ecdce336b7bc","size":16378,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.871451Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/2161.76f7ac62deb9f1a6.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b9e7ec6ec4360bf6e7bfff9a8b9f4824","sha1":"b1848a34814fe728d346eeb71da9b37839e59ce4","sha256":"fe1fd26f1a588610137fb4ab0471136aba4ee1d4fc25a5482d404e58a30209ed","sha512":"c5a0323b9ab957af61861bf135e51b395e14b061e33c49f01ad740b743d608fac2d6a0d479156e7121a1593ed3d5144ba2878c1c70360bd72e0918eb1ee5559d","ssdeep":"384:yzjtpAv2sa/fygc2XKdVtlT33bnD622Cdp0olKjtbVPi53B1ydQu8YUbQc4vJV8D:yzZpAv2sOKdPlvnSCdp0olKxZiJ3ydQh","tlshash":"a8b21c577b60b4d5a39308b2a55b2d05920c9c45da0d8038f1ac89de7bee8cab757b3c","size":23531,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.879811Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1554.23ecccff0ac20141.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"43ca0283421c4582b5c8066bc124251c","sha1":"2cbc97c4f1caf816230d24a13e6a98d231e55625","sha256":"6bb9a994a17207bbb1d82112e00c91f97854630c2bf61c134a3babc4cec5d889","sha512":"997d5703cb616ad5442c14e20a39d3655f97295738c896a3fe43c15630bf5b09d069b67665b3a2f8e593137383a7b568a68ea459341eda1eddc6cb05ee4694c3","ssdeep":"768:2ynGbBxaHISq1uw+Aob+Dv2P6leZa+bv0QtFSFQH7o7O2y0jFUkboOR4lwM2BkBA:2ynGbBxGWjGaQtoQejEk+EHWzpTy","tlshash":"1f930997ae10e0f953f54069e66e0903920c5d49a61e4068f7dc4edab3ac9cf77a3338","size":96405,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.889589Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7200.e7d066ecb8a91b38.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"60c04c8832572d0cb2e577f064d40c2d","sha1":"1bcbff1c0001ac7caddfc770ad7e63d3a07028a1","sha256":"479a07ec43ffab338eb19f3546d487cfdda600275b1b45feb96cc529a8fdc99a","sha512":"ed175f39d157bda8b1717e316e36dd3510a616acc55c827ae096a2f38cc3472f72da778a47626717d3a49d3b60ef8204b06d87b16ea5be87fcc82b341d9982f5","ssdeep":"768:+XTflVZj/SoGTzyDMzPzYU1GyNJ3zefPT/aYhKUv3f:UTflV4r516v","tlshash":"a6f20947af9260ea13cb4165f66a1b02e21e4c86570e402cf6cc8cd976adb9c7377739","size":36942,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.882042Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3866.b641f95df48c7c69.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"57b4b10802a0cc76fa916d6fd9d226bf","sha1":"317024f67021abd01fc5d6fbea61500c3f69ce35","sha256":"21ebcf7918acc2f19679977292ce0b096eff7f14034f16363123ec33f3890846","sha512":"531129431d2d4fc3f1785bb6097fc027b2abe839cf4ad3ac2941e372130e2ae877f38a4afbdae3505c8ac450f1e6a479b450c6a8f6845b99e70c094bcecd4116","ssdeep":"384:dEFk3+kEFASRXmofW097ZI0EKrdsnvCqgBr2Mef43L+ijj:CFk3+3FASRXTlMQyo69i","tlshash":"4392f8522a60a0e473d294e1f55b1d13a2994cc2a709526cf2eccedeb59cd8cb36733c","size":21055,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.881344Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/8829.56ef0b5ae621f74a.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"074732253d75eeba14d4ce69b489436b","sha1":"fd56ab72f12580aaa2c84de063a4f5ecc5c08dc7","sha256":"4b28bd805b169d9098918f040b7fd6341a659f0f56b83e3a774f304915565da8","sha512":"01a98c2f03ff0863b9dd16c91024fc1b27d4ee4fa1ee5cf4c807d3b1545ff17a7c95aab785b544674701f8e2815a3336b194e114c3b3b458c9c9a774aedd5a3f","ssdeep":"768:1jrFPJDLE5vrQ/XU7BVGQKgRGPb8E849DuvsncUyDDCtgAkyZMxzqzmVnVb50Nod:1jrFP25vrQ/XCGQLGhcwsuIf5wMJh","tlshash":"992319622da0d4b953f684aae6673601615d1840a11e89acfbec9ccd75e8dcf3377338","size":48702,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.870741Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/9781.fcb842b35e05ef60.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"f15a3945a7b20748fcc907d6dbbaa242","sha1":"9e04f443fc0f10f699269594b416268539663f93","sha256":"b64a75530d75807ce301aac7845edacd165d332044537ddbf05f5c2a8370159a","sha512":"37be7792aa714748b46aad2ef64a88353043baff4acc8c1abc6dfc0d7cb61c2c5221a60645358fae3fea066a89b0c5429e5994f31c39a6d7fc78daf9b3f6a49e","ssdeep":"1536:jnvj7vyDLlMJrRLl92GEaGxUzE44XASnPi/iSLBMA9UIwIip218vb+y4fAeY97Gu:jn6DLlALlgUii/iSLB6SipJYYeY9w8","tlshash":"b39329a2ab50a86e13a700a2f3662b0a611d4891650a421cf7dc4ddd7bfddce336777c","size":97069,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.87302Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1659.6a28b0c9c9277d03.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"e19e4801312556e82d39714490866d66","sha1":"d434ec7aa345ffd2c5facdd759b058aa07a5d648","sha256":"e62353125357b343c4bfce4504781998c4eaed05a8dadd6169f708721d1901b7","sha512":"6d48904418d1a0d5f1fe2528afaf3edaf0e1562364618e18866cd61df681b7e1287d3a00d4631a3d400f58b8485f29101b9609072077362699253095c8b02642","ssdeep":"768:a0r3Osu2vZJJnPzytLG/0je4pskNHY8p/C:B9neVe8U","tlshash":"54c21a96a75065f8539a90e1b3521906a61c5c83691d440cb3ec4cea76ececdb3fbb3c","size":26317,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.874528Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/polyfills.4c1d388f8edda830.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"0eaef75c370c6c200bff331d68afeaa5","sha1":"039083ea3ec95ccf4a1c0f6527c2458ea22770cb","sha256":"a2b6201d57e32e907d518b14fef426161eac7b7e1cb5951b31ff47e7dc8c3710","sha512":"e2bd1044e860124897482e27be4dd782eb10de95deb686ea413da3802d3c0cae6bc2e6864ff15f3af99a6410c62087d3985c6d3f8cd13d12af4fc6b8da0aa42a","ssdeep":"768:MiD8ob4rrsG5MKI3TYNaAUzvN17J8TQ5RGOIKoGspGKzNgvlkZoyGtzbclZ013h3:FBfbVtKTYt","tlshash":"94e2f7d97392b0b687f659b1853b4007b73729a0784c48d8f15c89eb3d3b089a5a6f3d","size":33791,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.860315Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/185.ca471c987675af5c.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"06f3d0caec40894490885c429f2a1b73","sha1":"0edeaf80d31f0cf7321d53d05745f7e84183224b","sha256":"f81ab00a6dcc58f2ee563fd139bc8319bee0e68a146ef35e7c3090e67a0b55d9","sha512":"159b54a66ae189db455b6c51d725f07042ad1d473e4a0b7fad93fbb0156a298e8efca94880d98921b663be9dc1457baa108bdb6e1a77973d7ea207d4898303a2","ssdeep":"768:8TPB1b/Ex3aP2RCzUQoXKf/yruOeCnbwn7nBN0yOv/Ssu2sFxlE:2/Ydi/yru1TF0","tlshash":"14f2e78baa1050f813d78071b66a1607a27cdc09661da058f6dc9dcdb3de9cd72e7a3c","size":34400,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.901348Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/4837.c3520bb1e281da12.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad0cd8b606d3a0ff0300d910c1cfd212","sha1":"d1b24ecc8ccf05e00885b2db3c736ac87f859cb0","sha256":"cd443ade3e638fbf166854d0ce6b261d27675e94f72acb6be69d8625ca180c3f","sha512":"06a44cfc32247bb073cde4ccda0c7bc2ca8e96dbd2e5d36f0e13fa5d5ae4da79d8b6c50eb92121fc7935e00d9a27600f89a94dea09b37f20dfcaa981547a86e4","ssdeep":"768:yzowTU1qvzcgsudQQm3A3e3t/3CgY/efeDMQE0M13LTfkuUwZudkY808WQWodKbk:uUceUGt/3Cd/L+MtjHTpVDNO4Cy4","tlshash":"3953d8a3871081ec63d7c460a35a6607932d9c56a20a9558f6eccdbcb7cd6cdb2d3339","size":61070,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.903081Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/main.52089746468eb302.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce34c0f64aef1923fe8d4435fee8a53e","sha1":"6ee2da96624129cc1ed2c0ffedf48d3cde5a2cbf","sha256":"0c4383d4442f9d61cc34a1448a5a28156cb6d229c64299b4118ba297d5311df0","sha512":"c4644b7843bfa8e3aa545d2d664afbd58ba5ddc97510bea54ae81fe135bffe7d04ecb27af56d530f77c76861dc456c7cf742fb70be10cc96d2939b589c69d1ff","ssdeep":"24576:A2BRFnU0X5ur8KkQtra74i48slR0Q/jFLzjp4o1b8Ir0up0CLbJ75Lc1tf1qDiuY:AB8ENW4ihslRT/jFLzjp4o1b8Ir0up0J","tlshash":"6d152a953292f43583e750a98477050bf22e2889f50884acb69cdded7ee9c4da177b3c","size":958465,"data":"","first_seen":"2024-08-27T03:16:31Z","last_seen":"2025-02-20T17:52:24.862743Z","times_seen":65,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5861.7cf9cbebfff9b62d.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"1234d718b00d4ddc05533ec78cd2ca23","sha1":"1d1596f144008809f008526e3de15ba391e2d1a1","sha256":"9a60cd100fd5ef0872769f08d9c09f063ade19139dfc9630da95d01dd9c3a0f1","sha512":"3230179c95598b942c6b43ee9ecc598c1ffe930651b953593a8d2b088826c606fc442add472f14d945f0f98f1ddeb78e6911102738bba680909de15c704f7787","ssdeep":"12288:svrQkiOzuSJZcZBSYAkHTpdwagSTJriL0:sBiOS91Ndwag6JriL0","tlshash":"e7c4499876517061839361b4447f050fa33b680da849856cfb69e8ea6dbc84e727ff3c","size":586197,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.867976Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/common.61065d542610f653.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"541af506630c6156100b365305208e87","sha1":"5efb2a7d834faa36334c0f25608a6b369dc0d6d0","sha256":"d91eee3eb1c713007519b298621c06bd741e7c670f0433c2da2ce0968f540266","sha512":"8cd0715c74d162cfba1674510902c23b81645e27e088b72526514af5b589b0aea70cd9358527ee997cf77748a766226e59ede113c2b6fc3b9f3589559c18ea49","ssdeep":"","tlshash":"b751627bb191ecd57b650d7a463909c8cd2956c83b0d0df8f2e4daa1b111468eb62a31","size":2629,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.878427Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/8407.a4afb0822c89d19e.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"66ea3aff33578f14bcb710c47821c308","sha1":"4583a3150fd98a008519bde3c32ae2723953c192","sha256":"2666db89ed341879f887eba7bf5cbb763011f47f6f764f68f2bf9b4593a51eea","sha512":"d0ab9a843b08de2b37f31e08f2448a9dc6689e9a9d36077e0972adbca159b2035e108c5a84427b2431bf458ab40c910e42e205ff055110cbc0504b9b12c0268a","ssdeep":"","tlshash":"9e11129e5946f07394aefd43627f0c9e44641c50b15f9abcffa9ce3ac5008ac19e525c","size":1002,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.890242Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5562.e89aa1533b143913.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"8615dcc595e0b2e8422c4d67688cd94b","sha1":"2c94179d2dfaa8d535f465b5394f237a610e2624","sha256":"d5b6523d25a9b2238eb98fdb7aa2cd21931ebcb041ebc7d7071a8ae57a6eff77","sha512":"471b2a96d8b99e7bade77c5902ff7966c2047c7129cdb80947b752d91494bee92077952ba3b265c65550afc61f364e4c2fcf2336d58500ff837005a538708021","ssdeep":"768:8gUAwp51UDHpl0PQUem5t0ec1gAC1+eoh7J/dmvJIq7KBCXqGMxvaxPllCX5Xxz5:8lAwrXnb+eog5tsiv/0PocwjgwuiI","tlshash":"3173f8438f2264eed3f24115e3e61706861e9ea2a04f5564f5cccd8cbb8ce946367b38","size":80135,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.893773Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3645.a7275aa7286bb926.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"70c351d4c001043c50952c90c8082ff4","sha1":"5f5a8082d66b56c8fddff1edca2ce76af38fa2e5","sha256":"2e7b67d631319f1c34fdcd7c4bf7ccd66b9e90c6a7184a9a7ec8e456c675d170","sha512":"d50800f6635b561e36fd04656d8e055a3fda12849e4f5f4d404f0b791e5f2646944d5a6a6e8b6e9d5e02ddad51eccf905d178e9743f03d29d031867c8935cc4d","ssdeep":"192:rmLxL1L/L5Al3dlXqlLtliklZjTMxlWyMxloLuUoLxL1L/L5klz6lmnlvOl/klxu:ylZ7F6n6iOTZyJLuUolZ7FaBF6lnADGp","tlshash":"62e1addf7ba0f5d03b9400a9cca34e22f314495d334c817cbd95ca9be860558af66b7a","size":7274,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.884752Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/4810.f30bf86c193c57d8.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"ecb30c8608350ec6a1c8d5a735f6210e","sha1":"27dfa114ee119b76f9bf08f3b30d7021b94423b4","sha256":"332b65e944a5e5b4907361f22649f2800b9a830e4908eb1857660bac398fa667","sha512":"81b58af5e60af72b6ea7ef2c059ecf70de17d1dca147011ec7f71b771f5c6a2e8653bc8e43738eb1c4389961333c75e709a135a930490a6a85606a77c82b81f9","ssdeep":"192:rkL/LsLtwLoTvZwLHTUwLyTHwLSTvwLTT0KlL/L8L9LtWMTTJOTT5L1L/LtWXTLG:Q7gpwAwkwGwiwQKl74Bp5UZ7pEqSg","tlshash":"b3e11f8b3db0f5e0bbe50481ac635d11f342058ea2ac817cf2a9dd1ba599b143952b6e","size":6933,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.886837Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7011.821f48236a941cdd.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"74632ea23568783410b91a42b3b5869c","sha1":"3fce93e2a41731cd1b72033aff471576813a84fd","sha256":"ad327a4133ffef9e1b427a8434d38502e92f68fae2e9303af50925fdc28a7e37","sha512":"5ed9a6aa7530ef89aed99630df0ec60cf086c4b1cac1c17aadc199f08f38c340e548f275349124d8407055b0bca1bc0f4332608b6645421d00769561263c4263","ssdeep":"1536:K8ATwEnInuoJD4aWSrzw0XdKTClJNSJRE2ojYckhZqYXK2PDs9R/6QQXJt:1uoJkaWSA0ITCl+skhwZ6M615t","tlshash":"20142aa39690d0f963e2a4b07a6b4502b12d5c15662d816cf29c8ddcb2ecdcd727773c","size":202832,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.895634Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7687.16db09dc80554f98.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"0b91b8310b218af44121c5d349129ed0","sha1":"ec0f0b3493824d0a3d788ef64a3129dd0765d0b0","sha256":"66a815f4c40c9397c47b6418d2f0d1a6d1317a2925c44f6cd4bef6d274310965","sha512":"f5d6a542990d8acc56fdfa75a8f2824ed6f339e8b754453d486e2f22608816e2c157b546df717a01f49b4950b948e1dd2b26ee36ae06d62e93d801ee5c041829","ssdeep":"768:g3bx/3bxvZ8X2Z9p2U7kTfYs9xABsz42KRvoyxOeFWqMFpwx0:g3bx/3bxeXXdM0","tlshash":"ae031c926a64d1f453c3a1a1f6661e02b31e4c8a621e806cf7ac9ccd779ddcc626373d","size":38978,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.899109Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/runtime.73ea8d9ef2e8273c.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"9267a158e5fa23456bdab7a953a6f139","sha1":"3ccb33b40fd802e71ae64ff1de725a8630899d31","sha256":"07234deacfa6843c36d9694d5d0415a1de526f549991ea2fcf5d43881c011434","sha512":"e55a60ad57eacd477e1747c4432df1a1a87b75199d0e4ed7fe4b58a190e4a87795a689acdc8dde8723fbe45fb228719ebd3ae08fdbac92036c4afba3d405dc31","ssdeep":"","tlshash":"0081c9ba7218e5762fe950c2393fdcf569496423220bfd61b707dda9c4149f18416b31","size":3928,"data":"","first_seen":"2024-08-27T03:16:31Z","last_seen":"2025-02-20T17:52:24.859414Z","times_seen":65,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/6056.574549d4fca33cff.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ee8dc2eac4b01995351f653d697095c","sha1":"1bc766d30b73a78dbaaf4085caddc3d27cc11f46","sha256":"ea1a153e63b749518a0c59cd15ddb96428d0db3479970006595b53172ad2e9ea","sha512":"639cb6ca056b841802cae4f2d92ae81c425ae7d0d8284a3c49221e735af8c2f78ee8befcc4f585d377f281a23dbf1d8fdae4cfda791e8e5d784817f99f35f92c","ssdeep":"3072:ZcAlX3fRXkXRdW+gHyOEzptmcn3lLJVsgduKjN7:ZcAlX5XkXRdW+gHyOEzptmcn1LJVsg/V","tlshash":"7ab3f897971010fc63e78562f3966503122e8d59920e8268f6dc8d9cb69dfcea3d3339","size":108787,"data":"","first_seen":"2024-08-27T03:16:30Z","last_seen":"2025-02-20T17:52:24.887501Z","times_seen":65,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3015.4b803307a08d7dba.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"cece1c72fbbd59ff25448ffc2eabdf71","sha1":"d94d0606735ff408d732598e3cf77cdadc1a6572","sha256":"d40f1af995620500eb1e94323c2b60778d4016787fea3ed94f036a468a073d03","sha512":"ba4494ddfaa2728f7123615bd04b35ba3b532c0638d07f2fabb766e5ef38fc8df87f7a1e98925c5378be5f31182f435147b3bf6e1706f45e336acf79dc086fc9","ssdeep":"384:x0cbTRgt7b20g6GHnyu00KkiXn9Hi5gv772bjxicTJ65mfRj0cllVdl1uNDB+grS:x1Tw7b2Z6qL0VHiG772vYc4520UFeEz","tlshash":"f303e6479e0590f913e394b1fb6e0943866c8e45360e9098b6cc4decb6d9e8cb397738","size":39890,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.89295Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3410.f3de76e9c2ccde42.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ae7d47cbe29865d42cf37e203fa2b97","sha1":"2b8dd6ee7c31d4988ab9494813dff53a28ad0d2d","sha256":"372ca66130ea63dfe1cab2d946a63d0abe5ca07befadd06ac24ab9b837e885ff","sha512":"8b64ec2387394bb287f5c299adb1e6a5b749d38a991f11a507876fab9debb02fd92411cb369607741706b40ff1cb3f4cb456ee134e7fbab51e7cb8176f46cdc5","ssdeep":"192:pbLjhvxmSnwWNh+BdNfd7vRW3F9NDZap04dfoez30buJL3oUvkq3KxcGalOiXNRZ:pvjh5mYVuMXsJ1vz30gfk4KwlzRKo","tlshash":"5c92d9a3da58c07cb3f85c69e5325f05f13a1e19751a422cf65dcc98a2c5ece2252377","size":20468,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.894838Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1907.92e71a8278f6f940.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"e64fd0d0482031e64a7ade8482c906ad","sha1":"40f22b951d169785054d720bdef524c3d6be8e4e","sha256":"189bf2bc63b6bb5d81e6b3333a2777326a24c706df19de10929c7fbfb8b69ce3","sha512":"a7ad993e4e4863ed60673d7c8bf9cef294bf27c47025476311098948a5e9d53444a2112c7c06708aebaae6e599cd04d550e996d019dac4735b3c37ffcba44412","ssdeep":"192:r/LxL1L/LlwLM8vPwLM/v6wLM3v+wLM0vrQvTn4CvV4Zwvq4szvq4EwvX4x1v0LE:blZ7BwIAwIqwIGwIcc4m4Zh4sO4Es4xB","tlshash":"020210873eb1f2d0bbdf4452dd634e12e215848d324c817df6a9dc2be8116946853fae","size":8325,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.885292Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/9391.1ad9b98b5be2b5a2.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"a15ca7da1a2d1d82fe896bb4d251216c","sha1":"c5095fb2f1463058ad6650e4500f436fbaf9041a","sha256":"fec10b2998c8d341dcd838c5872ff684b215037158d3f2eacf97d03a99b0314c","sha512":"4635075511d8d8e19cc70a216f8fbbc819a6d0641c35ffb7eae5a384ad8ecccd9026e686bb09d22a9ab07eb86d4ffe2ac9fd6f96bcdd38d59b0877d30266c4c3","ssdeep":"768:GP6XNf8LoteZVvD86vy/ffD3kcsHy1tJFithWpByOTM:c7jmithWQ","tlshash":"4f0309465b6155ec039e5070fbbb1e13860c8c56570d8958f2ec8dd9b68ca4eb3bb63c","size":37868,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.888204Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/6567.23029f3f11edd345.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"7821824469e5088f3bafda2805466d02","sha1":"640cb9d6e79df1da08c2d46070c32659ffac6585","sha256":"5a7c71550f51d59701dff3c2b84f56e9de1eed94b6c4acd20a2964e4ea2aa756","sha512":"50520d5874815a7242f0d6b4d39637b36c2161b683392f4585b3b525412950be459c83882656d0145993dc7fb77f359d9bcb5604784baccff3959a0a5ef3153d","ssdeep":"384:ZEKO6ABqjwxkN7Z/fU62HyhNLeZcLtbxFy:ZohWL/s62aNLeZcLty","tlshash":"ee92eaaaeb5094edd3979461a1527606d32c4c42a71d812cf7ac9ce8f69cecc726733c","size":19536,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.89085Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/scripts.3846d86d42cdb753.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"42e453ad05a07693a67ee833f69074c1","sha1":"5d2e8d00fdca9e2e24db5ff3b6931908d56b2c36","sha256":"388a82c6c41fcc70b9b28a399a359fbe8fd3e8281ae7ac7f9cff214c7ba3c3b8","sha512":"a7601a97761529f3c3789de6272e074bddd7573af73935daf37171c0d80a8c8b753b4e91e56075b5de5f6550d9346bcd4b3547f431bcaa3c2461b9a922ef4fce","ssdeep":"1536:gDzPq5EPX5tPn25fmjdR3DRCJU5xV9AVRbGMBJRGlt+dqoHM9aUjL1A+yZfayyQY:LqKSPmWsxjNNKtjlBeShK578ZeVJ+","tlshash":"6bf4537a424c16b7d3898b902a19229465e3a5f3f22d4096fb9e1f1eff45cf3047ba11","size":753665,"data":"","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-09-19T17:11:57.923069Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5523.d1c49aa06373cb75.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"d91e69304eb6694af13a23e6023dfea5","sha1":"17107f1cf9a9279c3a04c8af3d59977c9aea107b","sha256":"178a17dc914b1ebe649d812e28c3a6bf3c5b1fb686730daa521abd4e575f4a1a","sha512":"69949725ec2da792736b1a3022d80807398d43b6bc76db93e460196e0001d7f991440082cddeb3ce1973cd004a3c952433e1d77e95be09421a755a959833df02","ssdeep":"96:r+DoDl2hrXrX5eClvCD3fYFdQYHT0YeoHlRqh:r+DoDUhD75CcxgiRa","tlshash":"5fa183967142ea4ae3a81d1572fa0d0a0c0da105491a149ef30cddbe93f58fc6ffa763","size":4592,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.870026Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/771.6548ef50cf882b90.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c94328e3c5e27a98b71eac40d874103","sha1":"f8ffdbf1e6782a9c0d6a6d2f0dd78a42cde54b2e","sha256":"f19c3545ad466e32964cc9b11b83b87364baa19196f310dda43f30c77d7ed07f","sha512":"2d8435ffe6331d3d4de7d6823da7db7d8afe2dd20752f48383669b1b4ffe468d08eec48f422112a7b13c23f784fdc5e1321baa90d057589ffb25ae38e67a1343","ssdeep":"768:XH30A9QKluuNmxnWXfuha4vXKuBuy8uZfO1hfbfR8IsAev56Sh64caOXzOGu:b7rMjBuy8uyaOXa5","tlshash":"c733089b9a6081e823e78022b27d5603933c9c196609a058f5dc9dcd77de9cd33e7a3c","size":54525,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.880606Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7872.59f508be5b269384.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"d891c2ac9330a7a2c95f232c1346dbb7","sha1":"6a6b6296feeb885ef543bd6b2d4064d370437878","sha256":"43074d8bf794a9b982f7aa93c95dfc0cb5ad30995870b80006553dad2fabe9fc","sha512":"bf5f39143f3236d8f8a600207a3e3aca686e68c1c762ba890dcc3d5487dde3757763babe049debe8b397f1276a3275038c2d873840f006f0752647391588f000","ssdeep":"768:zhZy9rfCX/p4xhrf6XZO0YGA8rf/XJ34KbWcrf2XstTX7VymPnrd/G54xZHu9uiF:CrfCXMrf6Xdjrf/XFrf2X+p/cuoF1rfh","tlshash":"c513e553995140ee17a7d0a1ba6f0643420c4d9a521ee49cf7cc4de9bacdd4cb3abb38","size":44248,"data":"","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.891473Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/9285.d6e79a84c16199a0.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"c01ec641ec0c09e77e467f0b7bd14255","sha1":"d77c478a0a85808e77fbd97a2fceaeea68d2bb7f","sha256":"6fbc0295d5eb50934e5dc354a14063b66b0559557c499d61e35eab3fd01d2c01","sha512":"e5e088dd0564f43af7354b28e2389bb965418c8bf2844c440749581cb99eade570b70def90d017470056726565a21d73d79013ef66e5ab54760697d854c3881b","ssdeep":"384:xN1Wp29oLGCNpwR1KpH+N1Wp29GCNpwyNvAXbd2oLGCNp+783LGCNpNAwuwGge+B:L1Wp29oLjNpwrKpM1Wp29jNpwgIJ2oLf","tlshash":"806211577da4f0d0bfc50391be174e43f306818f63ec807ab654a96b299ce915a027be","size":15386,"data":"","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.883524Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"91.198.77.215/bins/sora.arm7","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-12T19:34:25.919Z","timestamp":1739388865919,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /bins/sora.arm7 HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 308 Permanent Redirect\r\nServer: nginx/1.25.2\r\nDate: Wed, 12 Feb 2025 19:34:24 GMT\r\nContent-Type: text/html\r\nContent-Length: 171\r\nConnection: keep-alive\r\nLocation: https://91.198.77.215:443/bins/sora.arm7\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":null,"data":{"size":171,"size_decoded":171,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"4d924c5d6627d7f8a12b1e3bdd57919c","sha1":"32074b1d84e9508243aa42e4330c694b6c1e4077","sha256":"043178c021a2bba3043b0dae23f6af7c74480ec49a85ee3b2c57cc960c56498c","sha512":"3fa262e1ca83bdc3fa7285ed1590077d6a8d3f0a2b29a0b9ef783cfa6e39fca3aec9664163f5d35ae1cd044511388cda02cf18f2519fc803efc6e45c84b7b751","ssdeep":"","tlshash":"ffc08019fd413cd88cd7333d10c35484f0f45015515c71115160015371c31434dc23d7","first_seen":"2024-08-27T03:16:32Z","last_seen":"2025-02-20T17:52:24.857337Z","times_seen":65,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":67,"dns":0,"connect":31,"send":0,"wait":37,"receive":2,"ssl":40},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-02-12T19:34:24Z","timestamp":1739388864,"ip_dst":{"addr":"91.198.77.215","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.23","port":59412,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO ARM7 File Download Request from IP Address","source":"{\"timestamp\":\"2025-02-12T19:34:24.680394+0000\",\"flow_id\":669198716004412,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":59412,\"dest_ip\":\"91.198.77.215\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025125,\"rev\":3,\"signature\":\"ET INFO ARM7 File Download Request from IP Address\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"IoT\"],\"created_at\":[\"2017_12_05\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"91.198.77.215\",\"url\":\"/bins/sora.arm7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"https://91.198.77.215:443/bins/sora.arm7\",\"length\":171},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":684,\"bytes_toclient\":593,\"start\":\"2025-02-12T19:34:24.616508+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-02-12T19:34:24Z","timestamp":1739388864,"ip_dst":{"addr":"91.198.77.215","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.23","port":59412,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious GET Request for .arm file File","source":"{\"timestamp\":\"2025-02-12T19:34:24.680394+0000\",\"flow_id\":669198716004412,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":59412,\"dest_ip\":\"91.198.77.215\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038656,\"rev\":1,\"signature\":\"ET HUNTING Suspicious GET Request for .arm file File\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2022_08_29\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"http\":{\"hostname\":\"91.198.77.215\",\"url\":\"/bins/sora.arm7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"https://91.198.77.215:443/bins/sora.arm7\",\"length\":171},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":684,\"bytes_toclient\":593,\"start\":\"2025-02-12T19:34:24.616508+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/bins/sora.arm7","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-12T19:34:25.919Z","timestamp":1739388865919,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /bins/sora.arm7 HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: text/html\r\nContent-Length: 785\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:42 GMT\r\nETag: \"661cf03e-311\"\r\nCache-Control: no-store, no-cache, must-revalidate\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":785,"size_decoded":785,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"102577d8515bbf1a529ccba3fdde1ee9","sha1":"1a9852bc88b21f776b22d9c6ef5b02a8ce9ae6d8","sha256":"a8996d588f0f337aa3be93cb4432f62610042eecc9e1dc05d3cf9b352ff49f3f","sha512":"11c3e74e3c0ba49790a0f77856190cba5c0210088c93e0cd0ba9d776782388083c0d7bd7d73119f3a5fbf5cd4ec9bb6f542b96c149aeefff5bca694fd2648401","ssdeep":"","tlshash":"d201f4462c74c82f02001d497c71b42d7dc0dacb9f258d8035de51a64f95fe98cd399c","first_seen":"2024-08-27T03:16:32Z","last_seen":"2025-02-20T17:52:24.858538Z","times_seen":65,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":67,"dns":0,"connect":31,"send":0,"wait":37,"receive":2,"ssl":40},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-02-12T19:34:24Z","timestamp":1739388864,"ip_dst":{"addr":"91.198.77.215","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.23","port":59412,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO ARM7 File Download Request from IP Address","source":"{\"timestamp\":\"2025-02-12T19:34:24.680394+0000\",\"flow_id\":669198716004412,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":59412,\"dest_ip\":\"91.198.77.215\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025125,\"rev\":3,\"signature\":\"ET INFO ARM7 File Download Request from IP Address\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"IoT\"],\"created_at\":[\"2017_12_05\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"91.198.77.215\",\"url\":\"/bins/sora.arm7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"https://91.198.77.215:443/bins/sora.arm7\",\"length\":171},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":684,\"bytes_toclient\":593,\"start\":\"2025-02-12T19:34:24.616508+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-02-12T19:34:24Z","timestamp":1739388864,"ip_dst":{"addr":"91.198.77.215","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.23","port":59412,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious GET Request for .arm file File","source":"{\"timestamp\":\"2025-02-12T19:34:24.680394+0000\",\"flow_id\":669198716004412,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":59412,\"dest_ip\":\"91.198.77.215\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038656,\"rev\":1,\"signature\":\"ET HUNTING Suspicious GET Request for .arm file File\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2022_08_29\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"http\":{\"hostname\":\"91.198.77.215\",\"url\":\"/bins/sora.arm7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"https://91.198.77.215:443/bins/sora.arm7\",\"length\":171},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":684,\"bytes_toclient\":593,\"start\":\"2025-02-12T19:34:24.616508+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/runtime.73ea8d9ef2e8273c.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.175Z","timestamp":1739388866175,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /runtime.73ea8d9ef2e8273c.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-f58\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2276,"size_decoded":3928,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3928), with no line terminators","md5":"9267a158e5fa23456bdab7a953a6f139","sha1":"3ccb33b40fd802e71ae64ff1de725a8630899d31","sha256":"07234deacfa6843c36d9694d5d0415a1de526f549991ea2fcf5d43881c011434","sha512":"e55a60ad57eacd477e1747c4432df1a1a87b75199d0e4ed7fe4b58a190e4a87795a689acdc8dde8723fbe45fb228719ebd3ae08fdbac92036c4afba3d405dc31","ssdeep":"","tlshash":"d781e8bd631cbdb23fa950c16c3ed9f5aa087033250b98a2b74bde659118df14906e71","first_seen":"2024-08-27T03:16:31Z","last_seen":"2025-02-20T17:52:24.859414Z","times_seen":65,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":70,"dns":0,"connect":31,"send":0,"wait":33,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/styles.75cb4562f0127450.css","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.172Z","timestamp":1739388866172,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /styles.75cb4562f0127450.css HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-8cb50\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":168542,"size_decoded":576336,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"4a0da1c03e5be9cf0802fb3344188844","sha1":"d486a9a1a1a577a8dbbb61edbe73beb91ab4a80a","sha256":"a345d2b790e41d83a4a739a8c46adbce646e37943b8af79aecd42d7a153c7a50","sha512":"7a65e63ea0a2cccf5854192e641edaa31e90024455add2fce8ad982b1ffb896648819433851e66fce932722a07b29e32ddcb8e963b4dd345b03818d04d400be2","ssdeep":"12288:cGX5zBEwqFdquz32fkbCsSYZhRAjPNl6WB:cGX5zBEwqFdquz32fkbCsSYZjUes","tlshash":"8ac4e91cf1203a6faa27844de3885d6fd61a7e43ea160bb0f1069b489fcb6c51973f54","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-07-16T03:52:43.643735Z","times_seen":72,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":146,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/polyfills.4c1d388f8edda830.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.177Z","timestamp":1739388866177,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /polyfills.4c1d388f8edda830.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-83ff\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13415,"size_decoded":33791,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33791), with no line terminators","md5":"0eaef75c370c6c200bff331d68afeaa5","sha1":"039083ea3ec95ccf4a1c0f6527c2458ea22770cb","sha256":"a2b6201d57e32e907d518b14fef426161eac7b7e1cb5951b31ff47e7dc8c3710","sha512":"e2bd1044e860124897482e27be4dd782eb10de95deb686ea413da3802d3c0cae6bc2e6864ff15f3af99a6410c62087d3985c6d3f8cd13d12af4fc6b8da0aa42a","ssdeep":"768:MiD8ob4rrsG5MKI3TYNaAUzvN17J8TQ5RGOIKoGspGKzNgvlkZoyGtzbclZ013h3:FBfbVtKTYt","tlshash":"94e2f7d97392b0b687f659b1853b4007b73729a0784c48d8f15c89eb3d3b089a5a6f3d","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.860315Z","times_seen":66,"resource_available":true,"data":null}},"time_used":251,"timings":{"blocked":74,"dns":0,"connect":31,"send":0,"wait":44,"receive":54,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/scripts.3846d86d42cdb753.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.178Z","timestamp":1739388866178,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /scripts.3846d86d42cdb753.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-b8001\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":185393,"size_decoded":753665,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (55905)","md5":"42e453ad05a07693a67ee833f69074c1","sha1":"5d2e8d00fdca9e2e24db5ff3b6931908d56b2c36","sha256":"388a82c6c41fcc70b9b28a399a359fbe8fd3e8281ae7ac7f9cff214c7ba3c3b8","sha512":"a7601a97761529f3c3789de6272e074bddd7573af73935daf37171c0d80a8c8b753b4e91e56075b5de5f6550d9346bcd4b3547f431bcaa3c2461b9a922ef4fce","ssdeep":"1536:gDzPq5EPX5tPn25fmjdR3DRCJU5xV9AVRbGMBJRGlt+dqoHM9aUjL1A+yZfayyQY:LqKSPmWsxjNNKtjlBeShK578ZeVJ+","tlshash":"6bf4537a424c16b7d3898b902a19229465e3a5f3f22d4096fb9e1f1eff45cf3047ba11","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-09-19T17:11:57.923069Z","times_seen":77,"resource_available":true,"data":null}},"time_used":392,"timings":{"blocked":74,"dns":0,"connect":35,"send":0,"wait":41,"receive":197,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/main.52089746468eb302.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.179Z","timestamp":1739388866179,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /main.52089746468eb302.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-ea001\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":303806,"size_decoded":958465,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ce34c0f64aef1923fe8d4435fee8a53e","sha1":"6ee2da96624129cc1ed2c0ffedf48d3cde5a2cbf","sha256":"0c4383d4442f9d61cc34a1448a5a28156cb6d229c64299b4118ba297d5311df0","sha512":"c4644b7843bfa8e3aa545d2d664afbd58ba5ddc97510bea54ae81fe135bffe7d04ecb27af56d530f77c76861dc456c7cf742fb70be10cc96d2939b589c69d1ff","ssdeep":"24576:A2BRFnU0X5ur8KkQtra74i48slR0Q/jFLzjp4o1b8Ir0up0CLbJ75Lc1tf1qDiuY:AB8ENW4ihslRT/jFLzjp4o1b8Ir0up0J","tlshash":"6d152a953292f43583e750a98477050bf22e2889f50884acb69cdded7ee9c4da177b3c","first_seen":"2024-08-27T03:16:31Z","last_seen":"2025-02-20T17:52:24.862743Z","times_seen":65,"resource_available":true,"data":null}},"time_used":569,"timings":{"blocked":78,"dns":0,"connect":38,"send":0,"wait":92,"receive":314,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/setting.json?buildTimeStamp=1713172461512","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.910Z","timestamp":1739388866910,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /setting.json?buildTimeStamp=1713172461512 HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: application/json\r\nContent-Length: 184\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:42 GMT\r\nETag: \"661cf03e-b8\"\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":184,"size_decoded":184,"mime_type":"application/json","magic":"JSON text data","md5":"499b2244e2b34bd50b393d84059b6615","sha1":"0aead7d1111bb4b917e13c67e141caa3305f8ffc","sha256":"03a5f7cb882daf2534fafe45806ea999767f4bc73eae42f926e88f435e30ac94","sha512":"49109ff659bd6eb0d2cd902c94c98093410df4b681ad203b80a79583af9b328f81f0d0afe3aba24c6e1cb1696abb38b32a9c7efe9645645b8ade7093f4cc4be4","ssdeep":"","tlshash":"adc01290dabd1c0301ca0174a82b006574291a1318087e2af642ee0d0facc3fc9f8a0c","first_seen":"2023-06-14T16:37:58Z","last_seen":"2025-11-03T02:53:43.535749Z","times_seen":81,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/api/v2.0/systeminfo","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.915Z","timestamp":1739388866915,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /api/v2.0/systeminfo HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: application/json\r\nContent-Length: 131\r\nConnection: keep-alive\r\nSet-Cookie: sid=991f3fa16770820f663f1d07fc224c16; Path=/; Secure; HttpOnly\r\nX-Request-Id: 057bbf33-518e-4e6a-8abc-700736d3a033\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":131,"size_decoded":131,"mime_type":"application/json","magic":"JSON text data","md5":"b0d33f47d25280b90b2d113c8bf68ed0","sha1":"2b98c6388c16caaef3ab810a1fd87695a373d32a","sha256":"8b0ddefb8e465e151058a46635d846158a2aa2dd7f5a6188720d2ba93afbe48f","sha512":"a66675bcacc6c6e333ab9f3405fdc021fd9d266c1fd95cf839c6a68255f5a70f6ec68b26f44763e3acf1552155c6c17fe726e2b06ea9285723089bcdc87bfe32","ssdeep":"","tlshash":"00c0222e08388c3ac300c30e0a8b3000cef08020a2eaac00c2aa0ea002e80032020288","first_seen":"2024-08-27T03:16:32Z","last_seen":"2025-02-20T17:52:24.864586Z","times_seen":65,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/i18n/lang/en-us-lang.json?buildTimeStamp=1713172461512","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.941Z","timestamp":1739388866941,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /i18n/lang/en-us-lang.json?buildTimeStamp=1713172461512 HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:42 GMT\r\nETag: W/\"661cf03e-17235\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28986,"size_decoded":94773,"mime_type":"application/json","magic":"JSON text data","md5":"53ca2873fc2a737338004fe76ccf2978","sha1":"c7658bec00e475815b96371e95846b38d252832b","sha256":"233d222007676c5a4fa63023fdc67de4ee32da683a85bf07e812036d89ebd92d","sha512":"6913fe94bcee7b89ce0dceefebe27dc499262a027786756a6a53a45f6b711e2943613442d9fa086e71bb4bde7600aa3f5177c05401732cda34e8ff87f4033724","ssdeep":"1536:/B0WTN2axew1iYtias2JUYV31ZKFQi7Aws:p32aAw1iYti+JU0KFQi7AL","tlshash":"6293d809d6804f675aca06e5781e6d42766682bf0f283448b7bdc05c3f9e21f52b71af","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.865495Z","times_seen":66,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3106.8d7e44553705ff4e.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.976Z","timestamp":1739388866976,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /3106.8d7e44553705ff4e.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-7ed\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1019,"size_decoded":2029,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2029), with no line terminators","md5":"237e59e79c95fb1fd3de3aa400176f1c","sha1":"acdc89977d923ef9a469e366564b1c94d5088e64","sha256":"3e98b22232fef315246c9c42ce9a964a5397d0c8859c2f398feac9970129e392","sha512":"1858cef652c376884bb34d43ff9d68300edc46c34dd7191f523d439dcc6b60bd759a388e981a9b063c9fe2f87c75badc10cec8158468d64c519292835136d57a","ssdeep":"","tlshash":"c34185615333598daabf8cd5462522672c1ca512902b02c4f3d8aff0a38afdab35527d","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.866314Z","times_seen":66,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/dark-theme.css?buildTimeStamp=1713172461512","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.947Z","timestamp":1739388866947,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /dark-theme.css?buildTimeStamp=1713172461512 HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-6609d\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":145613,"size_decoded":417949,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"19044192bf9da7a8b718b9f5b6c7639f","sha1":"5200fcefaa4989cbdc575b4864c38514973e7c7c","sha256":"cc54722072d63c8b1686eedabab80816d2a987dd69a7fef8c8e99b3b89dee149","sha512":"7b1d18864fef99f4143f8f1c29c6b5135874936ee17162d40baa7b27476a1675f3d4ced3753f0c55b24e00aaf1d80a435a8ad02a2e95e2e898f069482a2e7cd8","ssdeep":"12288:TuX5zsE0dki0v4kZ0YbCsSYZ7RAjPNl6WB:TuX5zsE0dki0v4kZ0YbCsSYZtUe+","tlshash":"b4944b2af5503859b627850af2c42f4f451ab553f7175db6f0239b2c8bca6492e33f28","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-07-16T03:52:43.630375Z","times_seen":72,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5861.7cf9cbebfff9b62d.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:26.971Z","timestamp":1739388866971,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /5861.7cf9cbebfff9b62d.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-8f1d5\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":231611,"size_decoded":586197,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1234d718b00d4ddc05533ec78cd2ca23","sha1":"1d1596f144008809f008526e3de15ba391e2d1a1","sha256":"9a60cd100fd5ef0872769f08d9c09f063ade19139dfc9630da95d01dd9c3a0f1","sha512":"3230179c95598b942c6b43ee9ecc598c1ffe930651b953593a8d2b088826c606fc442add472f14d945f0f98f1ddeb78e6911102738bba680909de15c704f7787","ssdeep":"12288:svrQkiOzuSJZcZBSYAkHTpdwagSTJriL0:sBiOS91Ndwag6JriL0","tlshash":"e7c4499876517061839361b4447f050fa33b680da849856cfb69e8ea6dbc84e727ff3c","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.867976Z","times_seen":66,"resource_available":true,"data":null}},"time_used":150,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":114,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/favicon.ico?v=2","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.119Z","timestamp":1739388867119,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /favicon.ico?v=2 HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 16958\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:42 GMT\r\nETag: \"661cf03e-423e\"\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16958,"size_decoded":16958,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"02d34850b1fd28c3d2dc5026a086364e","sha1":"1e35d4e5d277ddeeaef05d799d40df5b6ddbae3e","sha256":"99fa5b8a1661384db313bca24ea2ea255a73f6a6517a8700c5f33e4bc4ce9aaa","sha512":"4c156daeadfc1a4c53c3397148eec9111ed0c19703f83e5c20e26d91d76506865f9fff6dfe6e0a53d3d99359df69ebeca42e47c9038cf357cfe767b78a851d64","ssdeep":"384:KoVk7qYR3uL2KDVFaSseeBsOF94JKqDBYIr1+s4s9iem6w:KoVk7qYR3q/DVFateeBsOF94+IZ4s8e8","tlshash":"9772b4bb22d4aa90c0d47fbb49c6737298205c3e449dd592f888ba3ee77f4627d18505","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-09-19T17:11:57.895387Z","times_seen":75,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/8829.56ef0b5ae621f74a.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.284Z","timestamp":1739388867284,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /8829.56ef0b5ae621f74a.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-be3e\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15171,"size_decoded":48702,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (48702), with no line terminators","md5":"074732253d75eeba14d4ce69b489436b","sha1":"fd56ab72f12580aaa2c84de063a4f5ecc5c08dc7","sha256":"4b28bd805b169d9098918f040b7fd6341a659f0f56b83e3a774f304915565da8","sha512":"01a98c2f03ff0863b9dd16c91024fc1b27d4ee4fa1ee5cf4c807d3b1545ff17a7c95aab785b544674701f8e2815a3336b194e114c3b3b458c9c9a774aedd5a3f","ssdeep":"768:1jrFPJDLE5vrQ/XU7BVGQKgRGPb8E849DuvsncUyDDCtgAkyZMxzqzmVnVb50Nod:1jrFP25vrQ/XCGQLGhcwsuIf5wMJh","tlshash":"992319622da0d4b953f684aae6673601615d1840a11e89acfbec9ccd75e8dcf3377338","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.870741Z","times_seen":66,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/9254.bc0660424c8609e3.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.294Z","timestamp":1739388867294,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /9254.bc0660424c8609e3.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-39cc\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4279,"size_decoded":14796,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14796), with no line terminators","md5":"22ef2271b2539423419e55834b9a7e85","sha1":"e7678f1aadb208be8aa0f1a7485bc365093fe2c8","sha256":"6c1e0442f8eaf992d82951b973ed4be3b98f046846d32d9fc70ee411f7541c9d","sha512":"d6582ff2debab6178fcf7cf896fde5752b85bf390c6448afc802628985ff9952c7fc8f10d8c384700a3d81caafa91b881fd35098ae9fc15b1ba2bcf7e388ea4a","ssdeep":"384:g3X1SaiEZ3wXorj0jV53NSXS6c3OXE8tIm+tyYsftdeitnyIot5YLtFSP7TCIhWi:qka5xwXorj0jVXSXTc+XG","tlshash":"d862b7d3865274d723b250b0ba5a0b1352cd8c922a0d0948f1f84ed977bde46b367b3d","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.872191Z","times_seen":66,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1812.f82df707c8692ea7.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.296Z","timestamp":1739388867296,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /1812.f82df707c8692ea7.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-3ffa\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6135,"size_decoded":16378,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16378), with no line terminators","md5":"fafa9ae3f9baddab1d62e451a11bcb4b","sha1":"75fa0b36f927ff0831b341a826e40895c4a1a98e","sha256":"a89dbaf100b4140579a58bd50ea26a118e039245c57fb13f842389093b0dc8fb","sha512":"ee9f284f47c58e8a8173215f5a4bbde6e2a1f3acbfbe2e95076d688ae861656a3fd87bf0b499f3a72dbbc79bb7fd8a68d833b9156570a3c692f0fae754f7678a","ssdeep":"384:j5W7cbWGBGzqaeLeiebBjz5DOGPdl6V5hz0RQEb:FW70WYaEh+Bj1O5teQEb","tlshash":"cf7218d3aa55a42953f3489aeb130605992d00d0969f0a6cf76c0ce527ecdce336b7bc","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.871451Z","times_seen":66,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1208.b62243d4660fccc1.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.309Z","timestamp":1739388867309,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /1208.b62243d4660fccc1.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-489\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":724,"size_decoded":1161,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1161), with no line terminators","md5":"e68efce5926c0f5f39edff02c1a697c2","sha1":"031f1f8bc051a8355a42374e3c12f06cf0077eeb","sha256":"9d3f0ffd32327fdc8d265c9ed3fa16905bd6fab0097fccabf11f39d2b64e5141","sha512":"88c0db464b0bebfa93c5a39e9601f05fa4c15866efd043d906baba63866e6c164af35596b17b2ec87e9717142505d4bc41ba5b160d0ae68904cdd7cc2c41791f","ssdeep":"","tlshash":"bb2151bf515071df27fa5de08c3b2c9fa504bc15a30e019ce2446e3996a0d1c10e27a8","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.869411Z","times_seen":66,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5523.d1c49aa06373cb75.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.304Z","timestamp":1739388867304,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /5523.d1c49aa06373cb75.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-11f0\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2049,"size_decoded":4592,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4592), with no line terminators","md5":"d91e69304eb6694af13a23e6023dfea5","sha1":"17107f1cf9a9279c3a04c8af3d59977c9aea107b","sha256":"178a17dc914b1ebe649d812e28c3a6bf3c5b1fb686730daa521abd4e575f4a1a","sha512":"69949725ec2da792736b1a3022d80807398d43b6bc76db93e460196e0001d7f991440082cddeb3ce1973cd004a3c952433e1d77e95be09421a755a959833df02","ssdeep":"96:CDRhklszvvrbr1CUpF6CZUushBPgRTcfH:CDRWK3nZFzTm","tlshash":"4691d8569b57de5ed3fc019561da5909481c14128a1c095cf74ceeba2bb88cc3abf32e","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.870026Z","times_seen":66,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/9781.fcb842b35e05ef60.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.310Z","timestamp":1739388867310,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /9781.fcb842b35e05ef60.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-17b2d\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":25532,"size_decoded":97069,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f15a3945a7b20748fcc907d6dbbaa242","sha1":"9e04f443fc0f10f699269594b416268539663f93","sha256":"b64a75530d75807ce301aac7845edacd165d332044537ddbf05f5c2a8370159a","sha512":"37be7792aa714748b46aad2ef64a88353043baff4acc8c1abc6dfc0d7cb61c2c5221a60645358fae3fea066a89b0c5429e5994f31c39a6d7fc78daf9b3f6a49e","ssdeep":"1536:jnvj7vyDLlMJrRLl92GEaGxUzE44XASnPi/iSLBMA9UIwIip218vb+y4fAeY97Gu:jn6DLlALlgUii/iSLB6SipJYYeY9w8","tlshash":"b39329a2ab50a86e13a700a2f3662b0a611d4891650a421cf7dc4ddd7bfddce336777c","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.87302Z","times_seen":66,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":35,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5266.4390c8c32227cbd7.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.418Z","timestamp":1739388867418,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /5266.4390c8c32227cbd7.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-1e0d\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1229,"size_decoded":7693,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7693), with no line terminators","md5":"12e15248f6bc2e3ff3f73e99f4adb8ac","sha1":"9ac0d9c0f1e19ba9bd6cd232232d262403796ca6","sha256":"6d6b87f39cffe23c4471f33c13d698bdd40b58d92161e93b339c5a76d9c79e2f","sha512":"e509913bbf365709b06e1f8abe4521bf1a390a994e40d44583681d83ce10d22021d611193a3368ae2006cc8e5491e8b8718baa7d5e985c191103ba8a480dd04c","ssdeep":"192:pLsL3LDLiCLBLvLJLt44q7jLt4Cq7bKLt4z7zwLk/7TwLkm78wLkc7JwLkP7XwLG:poL/GCND9p44Gp4C7p4LwgnwgZwg+wgX","tlshash":"a0f1ff9bbdb0f1e07fd40141ac464e02f306918da3b8807dfa56ed6725a8e523d52b9f","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.877492Z","times_seen":66,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/common.61065d542610f653.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.443Z","timestamp":1739388867443,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /common.61065d542610f653.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-a45\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1333,"size_decoded":2629,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2629), with no line terminators","md5":"541af506630c6156100b365305208e87","sha1":"5efb2a7d834faa36334c0f25608a6b369dc0d6d0","sha256":"d91eee3eb1c713007519b298621c06bd741e7c670f0433c2da2ce0968f540266","sha512":"8cd0715c74d162cfba1674510902c23b81645e27e088b72526514af5b589b0aea70cd9358527ee997cf77748a766226e59ede113c2b6fc3b9f3589559c18ea49","ssdeep":"","tlshash":"6251a5bba282ecd5bb660daa693901c9d83c1688374d4df8f2941fe6b501904f792e34","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.878427Z","times_seen":66,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/6669.c716898f41a0b1b1.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.460Z","timestamp":1739388867460,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /6669.c716898f41a0b1b1.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-d9bc\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17799,"size_decoded":55740,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (55740), with no line terminators","md5":"c98a5e6524363258b5bea338b8d7cdc6","sha1":"039075f71feec1110c079437cc65d8713f093fc2","sha256":"7cc2a9b5a800f3494195cdce07729845fd16a0481aec9d05907aac034bf181e4","sha512":"6f6a8ecb3e33e75f0d6bbb977d251bbee2897e71d292a261555ccf5becd1fce38635f730b2111cf10f191c5f5aebaf440b0d80a6562d720c5ac41017ffa30a44","ssdeep":"768:+YljPNtzNtSg8uvQXmZfAAVyd1Lt2qLcji2FT99n6Svw1mvsJlSgMRsyf:+kjPNtfSgktX6i2Fsuf","tlshash":"d943f74aaa20d0e9a3e6506576661e03f25e4c49361e802cf2eccdcdb69c98d736773d","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.879045Z","times_seen":66,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3703.f332dcfd9addbbee.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.483Z","timestamp":1739388867483,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /3703.f332dcfd9addbbee.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-28e9\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4330,"size_decoded":10473,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10473), with no line terminators","md5":"1518bb33786c0d90968806d02a0bd8ba","sha1":"5dc36ccec2da9095987c71f9494c5991a91c0877","sha256":"6de2b1b94bb3feb644fe56714b282e6572a533688161e70ff8eeb7cdd5828c6b","sha512":"afaeffed010615a1df45c1cfce7a95bad1cc2f8dfce393e95bb0264b9a765e30d217e0dfb557cfabb7df614e23819b1d7d8f222c87438d7e0af9eeace088ca7f","ssdeep":"192:i2LvL+mLZLOd7JBhVTcnjHHtv8XfM4qakTs3SxjU+Ql:i2Dqm1s1T9uY3SxjUF","tlshash":"a922ea425a50b0eda39390e1f2b64a0b622d5d83950e4278f2dc8dd8f79dd8db36633c","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.876579Z","times_seen":66,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1659.6a28b0c9c9277d03.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.501Z","timestamp":1739388867501,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /1659.6a28b0c9c9277d03.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-66cd\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8748,"size_decoded":26317,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (26317), with no line terminators","md5":"e19e4801312556e82d39714490866d66","sha1":"d434ec7aa345ffd2c5facdd759b058aa07a5d648","sha256":"e62353125357b343c4bfce4504781998c4eaed05a8dadd6169f708721d1901b7","sha512":"6d48904418d1a0d5f1fe2528afaf3edaf0e1562364618e18866cd61df681b7e1287d3a00d4631a3d400f58b8485f29101b9609072077362699253095c8b02642","ssdeep":"768:a0r3Osu2vZJJnPzytLG/0je4pskNHY8p/C:B9neVe8U","tlshash":"54c21a96a75065f8539a90e1b3521906a61c5c83691d440cb3ec4cea76ececdb3fbb3c","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.874528Z","times_seen":66,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/2161.76f7ac62deb9f1a6.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.503Z","timestamp":1739388867503,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /2161.76f7ac62deb9f1a6.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-5beb\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7535,"size_decoded":23531,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23531), with no line terminators","md5":"b9e7ec6ec4360bf6e7bfff9a8b9f4824","sha1":"b1848a34814fe728d346eeb71da9b37839e59ce4","sha256":"fe1fd26f1a588610137fb4ab0471136aba4ee1d4fc25a5482d404e58a30209ed","sha512":"c5a0323b9ab957af61861bf135e51b395e14b061e33c49f01ad740b743d608fac2d6a0d479156e7121a1593ed3d5144ba2878c1c70360bd72e0918eb1ee5559d","ssdeep":"384:yzjtpAv2sa/fygc2XKdVtlT33bnD622Cdp0olKjtbVPi53B1ydQu8YUbQc4vJV8D:yzZpAv2sOKdPlvnSCdp0olKxZiJ3ydQh","tlshash":"a8b21c577b60b4d5a39308b2a55b2d05920c9c45da0d8038f1ac89de7bee8cab757b3c","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.879811Z","times_seen":66,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3866.b641f95df48c7c69.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.522Z","timestamp":1739388867522,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /3866.b641f95df48c7c69.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-523f\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7016,"size_decoded":21055,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21055), with no line terminators","md5":"57b4b10802a0cc76fa916d6fd9d226bf","sha1":"317024f67021abd01fc5d6fbea61500c3f69ce35","sha256":"21ebcf7918acc2f19679977292ce0b096eff7f14034f16363123ec33f3890846","sha512":"531129431d2d4fc3f1785bb6097fc027b2abe839cf4ad3ac2941e372130e2ae877f38a4afbdae3505c8ac450f1e6a479b450c6a8f6845b99e70c094bcecd4116","ssdeep":"384:dEFk3+kEFASRXmofW097ZI0EKrdsnvCqgBr2Mef43L+ijj:CFk3+3FASRXTlMQyo69i","tlshash":"4392f8522a60a0e473d294e1f55b1d13a2994cc2a709526cf2eccedeb59cd8cb36733c","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.881344Z","times_seen":66,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/771.6548ef50cf882b90.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.506Z","timestamp":1739388867506,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /771.6548ef50cf882b90.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-d4fd\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16123,"size_decoded":54525,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (54525), with no line terminators","md5":"3c94328e3c5e27a98b71eac40d874103","sha1":"f8ffdbf1e6782a9c0d6a6d2f0dd78a42cde54b2e","sha256":"f19c3545ad466e32964cc9b11b83b87364baa19196f310dda43f30c77d7ed07f","sha512":"2d8435ffe6331d3d4de7d6823da7db7d8afe2dd20752f48383669b1b4ffe468d08eec48f422112a7b13c23f784fdc5e1321baa90d057589ffb25ae38e67a1343","ssdeep":"768:XH30A9QKluuNmxnWXfuha4vXKuBuy8uZfO1hfbfR8IsAev56Sh64caOXzOGu:b7rMjBuy8uyaOXa5","tlshash":"c733089b9a6081e823e78022b27d5603933c9c196609a058f5dc9dcd77de9cd33e7a3c","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.880606Z","times_seen":66,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7200.e7d066ecb8a91b38.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.560Z","timestamp":1739388867560,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /7200.e7d066ecb8a91b38.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-904e\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11610,"size_decoded":36942,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (36942), with no line terminators","md5":"60c04c8832572d0cb2e577f064d40c2d","sha1":"1bcbff1c0001ac7caddfc770ad7e63d3a07028a1","sha256":"479a07ec43ffab338eb19f3546d487cfdda600275b1b45feb96cc529a8fdc99a","sha512":"ed175f39d157bda8b1717e316e36dd3510a616acc55c827ae096a2f38cc3472f72da778a47626717d3a49d3b60ef8204b06d87b16ea5be87fcc82b341d9982f5","ssdeep":"768:+XTflVZj/SoGTzyDMzPzYU1GyNJ3zefPT/aYhKUv3f:UTflV4r516v","tlshash":"a6f20947af9260ea13cb4165f66a1b02e21e4c86570e402cf6cc8cd976adb9c7377739","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.882042Z","times_seen":66,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/298.9c2754b411668822.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.576Z","timestamp":1739388867576,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /298.9c2754b411668822.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-2ad6\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1469,"size_decoded":10966,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10966), with no line terminators","md5":"c7e6552d5b0b2c0536049273818da36f","sha1":"e328f4c8e75dff8e4e29edeb7b850b57b88c0cbd","sha256":"c4278cc474afa8057079885f4f0a504507fd14002a3ac2d41749584c93f82080","sha512":"61d02873db20373b4de8c36d8ac45d5f344a2a24e56a51c4f3cdcc8f1f4ffff40d9751d435a05987e01a7be4d5f66e673a813cd3c74a1c6aadcf6ca2b2c24a86","ssdeep":"192:l32sDyPb2sSL3LiCLBL5M2shw32s072srY2sMC2sNs2swL3LiCLBL5a2sLS2scnW:MHCnLGCNFlqnxiI5L3WFzLGCNFfmnf25","tlshash":"9232dbeb7b70f1e4bfcd1191a9123e02f30bd84eb3a89139b4445d2b704494a9952bef","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.882805Z","times_seen":66,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1690.da755c589995c1df.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.584Z","timestamp":1739388867584,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /1690.da755c589995c1df.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-1dfb\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1167,"size_decoded":7675,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7675), with no line terminators","md5":"3368e1c71adddaadc9e6e59f78e0bf73","sha1":"dae0c476e648fb76d326ad3510c0042d65a7103b","sha256":"dab0d40311a6e12b56eebdb29f54e4a9917207486d4d2b5e70a94e566449b3c2","sha512":"9fd193453f73f4e25acce9d48c64806e78f3936fd7939ce49427f22713539a795f1143e9be62d28bdfb82fc7eced2086ef9b30d3912fee4fb3a72dc14cec0966","ssdeep":"192:iLvL6CLpLxwLwTB29wLwXB2lwLwn1B2iwLwgjB24wLw61B2GLvL6CLpLxwLwnbB+:iDuCF9wMU9wMQlwM6iwMl4wMXGDuCF9I","tlshash":"a9f1f2a7bb24f1a0bfcc4196a8420e4bf307918d72b8587df595de7620d85016542bff","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.88412Z","times_seen":66,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/9285.d6e79a84c16199a0.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.582Z","timestamp":1739388867582,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /9285.d6e79a84c16199a0.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-3c1a\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1861,"size_decoded":15386,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15386), with no line terminators","md5":"c01ec641ec0c09e77e467f0b7bd14255","sha1":"d77c478a0a85808e77fbd97a2fceaeea68d2bb7f","sha256":"6fbc0295d5eb50934e5dc354a14063b66b0559557c499d61e35eab3fd01d2c01","sha512":"e5e088dd0564f43af7354b28e2389bb965418c8bf2844c440749581cb99eade570b70def90d017470056726565a21d73d79013ef66e5ab54760697d854c3881b","ssdeep":"384:xN1Wp29oLGCNpwR1KpH+N1Wp29GCNpwyNvAXbd2oLGCNp+783LGCNpNAwuwGge+B:L1Wp29oLjNpwrKpM1Wp29jNpwgIJ2oLf","tlshash":"806211577da4f0d0bfc50391be174e43f306818f63ec807ab654a96b299ce915a027be","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.883524Z","times_seen":66,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1907.92e71a8278f6f940.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.590Z","timestamp":1739388867590,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /1907.92e71a8278f6f940.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-2085\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1331,"size_decoded":8325,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8325), with no line terminators","md5":"e64fd0d0482031e64a7ade8482c906ad","sha1":"40f22b951d169785054d720bdef524c3d6be8e4e","sha256":"189bf2bc63b6bb5d81e6b3333a2777326a24c706df19de10929c7fbfb8b69ce3","sha512":"a7ad993e4e4863ed60673d7c8bf9cef294bf27c47025476311098948a5e9d53444a2112c7c06708aebaae6e599cd04d550e996d019dac4735b3c37ffcba44412","ssdeep":"192:vL3LiCLBLlwLMkvHwLM7vuwLMNvSwLMWvb+vT/4+vV4N8ve4KTve4G8vv4tFvLCU:vLGCNBwIkwIKwIQwI4e424Nt4KC4Gk4t","tlshash":"e30232873ea0f1d0bfdf44a2dd624e12e31a948c334c807ef6999d6b6c146516863f9e","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.885292Z","times_seen":66,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3645.a7275aa7286bb926.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.591Z","timestamp":1739388867591,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /3645.a7275aa7286bb926.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-1c6a\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1123,"size_decoded":7274,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7274), with no line terminators","md5":"70c351d4c001043c50952c90c8082ff4","sha1":"5f5a8082d66b56c8fddff1edca2ce76af38fa2e5","sha256":"2e7b67d631319f1c34fdcd7c4bf7ccd66b9e90c6a7184a9a7ec8e456c675d170","sha512":"d50800f6635b561e36fd04656d8e055a3fda12849e4f5f4d404f0b791e5f2646944d5a6a6e8b6e9d5e02ddad51eccf905d178e9743f03d29d031867c8935cc4d","ssdeep":"192:+L3LiCLBL5mlPJlvwlTnlNlZLKhlKDhlfL3LiCLBL5SlbqlallnIlWlxaOhlvrHS:+LGCNFgbMH3fLGCNFkR/C2r8HQO","tlshash":"95e1d0db7b90f0d03b9400adcc664e62f318055c334c807dbd859aabac64955af67faa","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.884752Z","times_seen":66,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/4810.f30bf86c193c57d8.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.595Z","timestamp":1739388867595,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /4810.f30bf86c193c57d8.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-1b15\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1167,"size_decoded":6933,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6933), with no line terminators","md5":"ecb30c8608350ec6a1c8d5a735f6210e","sha1":"27dfa114ee119b76f9bf08f3b30d7021b94423b4","sha256":"332b65e944a5e5b4907361f22649f2800b9a830e4908eb1857660bac398fa667","sha512":"81b58af5e60af72b6ea7ef2c059ecf70de17d1dca147011ec7f71b771f5c6a2e8653bc8e43738eb1c4389961333c75e709a135a930490a6a85606a77c82b81f9","ssdeep":"192:PCLBLwLtwLgTvZwLbTgwLiTfwLQTnwLtT0CLBLYLDLtckTTJcvTBLiCLBLtchTTC:PCN0pwUwEw6wgwKCNEHptQGCNpaSk6","tlshash":"fbe1f0973da0f0a0bfe50181ac571e12f34645cda3a8857df295dd5b299cb003992b9e","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.886837Z","times_seen":66,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/9716.733ac7a5977b1b7a.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.607Z","timestamp":1739388867607,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /9716.733ac7a5977b1b7a.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-6bc1\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3432,"size_decoded":27585,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (27585), with no line terminators","md5":"818f173645d216d33c08fb39fa936da6","sha1":"89d1e285f5ce3a0919b47f482285a63c1b84b6a3","sha256":"e97b31ff4357764d54ef04a0441b929d5c3b037ce64aa4f74a864b1fad34de9e","sha512":"7314e82584dee5c3dd48eacfc0b67ed8ab1dea8f4ddfae7585d4b6e964b2e7d88c7accfd55de0502556f4b45ba87ec63726c68c99956a924cd4f6ae5328cba6c","ssdeep":"768:tLjNF4ieH4wX9jNF404j4bis4DLjN9F4I4j4d4F4A4CLjN9F4u4D484r4bSowjNB:tLjNKieYwX9jNK38bivDLjN9Kz8iKrCz","tlshash":"a6c210df7aa0f1e03fc6059a9c478e11e20a098d378c807df4945e77585c989ba93bbd","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.886056Z","times_seen":66,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/6056.574549d4fca33cff.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.609Z","timestamp":1739388867609,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /6056.574549d4fca33cff.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-1a8f3\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":31603,"size_decoded":108787,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4ee8dc2eac4b01995351f653d697095c","sha1":"1bc766d30b73a78dbaaf4085caddc3d27cc11f46","sha256":"ea1a153e63b749518a0c59cd15ddb96428d0db3479970006595b53172ad2e9ea","sha512":"639cb6ca056b841802cae4f2d92ae81c425ae7d0d8284a3c49221e735af8c2f78ee8befcc4f585d377f281a23dbf1d8fdae4cfda791e8e5d784817f99f35f92c","ssdeep":"3072:ZcAlX3fRXkXRdW+gHyOEzptmcn3lLJVsgduKjN7:ZcAlX5XkXRdW+gHyOEzptmcn1LJVsg/V","tlshash":"7ab3f897971010fc63e78562f3966503122e8d59920e8268f6dc8d9cb69dfcea3d3339","first_seen":"2024-08-27T03:16:30Z","last_seen":"2025-02-20T17:52:24.887501Z","times_seen":65,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/9391.1ad9b98b5be2b5a2.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.615Z","timestamp":1739388867615,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /9391.1ad9b98b5be2b5a2.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-93ec\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11704,"size_decoded":37868,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (37868), with no line terminators","md5":"a15ca7da1a2d1d82fe896bb4d251216c","sha1":"c5095fb2f1463058ad6650e4500f436fbaf9041a","sha256":"fec10b2998c8d341dcd838c5872ff684b215037158d3f2eacf97d03a99b0314c","sha512":"4635075511d8d8e19cc70a216f8fbbc819a6d0641c35ffb7eae5a384ad8ecccd9026e686bb09d22a9ab07eb86d4ffe2ac9fd6f96bcdd38d59b0877d30266c4c3","ssdeep":"768:GP6XNf8LoteZVvD86vy/ffD3kcsHy1tJFithWpByOTM:c7jmithWQ","tlshash":"4f0309465b6155ec039e5070fbbb1e13860c8c56570d8958f2ec8dd9b68ca4eb3bb63c","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.888204Z","times_seen":66,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/668.80599201d988aba3.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.617Z","timestamp":1739388867617,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /668.80599201d988aba3.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-50e9\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6142,"size_decoded":20713,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (20713), with no line terminators","md5":"626572adb0c84c1dbe99c1596217f35f","sha1":"128ba19a82b635c71a67904bd26094217566d2ec","sha256":"71873532996fc6587761b44ab7ac84f73b238cbdd8070859f87b259d160b4c85","sha512":"3e61f0babb8cb8e288b198edabb10556f303466f674fbbfea018e57c07a5fe2400f7a79c5f1e1884c8f189f431649608bc8dee65cc076465544dc391c1c98e8e","ssdeep":"384:F0BBDwH/2fDPlhC50hKQ8P6C+vsRj+V2GOZdjA2RtDEYq:aBFwf2fzlk51QQ6Bvst+2RtDEb","tlshash":"d892e6879761a0d563e34195d3ae4a43160c4e04762f9ab8f6ec4cddb74c46cb3aba3c","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.888916Z","times_seen":66,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/6567.23029f3f11edd345.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.619Z","timestamp":1739388867619,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /6567.23029f3f11edd345.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-4c50\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7086,"size_decoded":19536,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19536), with no line terminators","md5":"7821824469e5088f3bafda2805466d02","sha1":"640cb9d6e79df1da08c2d46070c32659ffac6585","sha256":"5a7c71550f51d59701dff3c2b84f56e9de1eed94b6c4acd20a2964e4ea2aa756","sha512":"50520d5874815a7242f0d6b4d39637b36c2161b683392f4585b3b525412950be459c83882656d0145993dc7fb77f359d9bcb5604784baccff3959a0a5ef3153d","ssdeep":"384:ZEKO6ABqjwxkN7Z/fU62HyhNLeZcLtbxFy:ZohWL/s62aNLeZcLty","tlshash":"ee92eaaaeb5094edd3979461a1527606d32c4c42a71d812cf7ac9ce8f69cecc726733c","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.89085Z","times_seen":66,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/8407.a4afb0822c89d19e.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.625Z","timestamp":1739388867625,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /8407.a4afb0822c89d19e.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-3ea\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":586,"size_decoded":1002,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1002), with no line terminators","md5":"66ea3aff33578f14bcb710c47821c308","sha1":"4583a3150fd98a008519bde3c32ae2723953c192","sha256":"2666db89ed341879f887eba7bf5cbb763011f47f6f764f68f2bf9b4593a51eea","sha512":"d0ab9a843b08de2b37f31e08f2448a9dc6689e9a9d36077e0972adbca159b2035e108c5a84427b2431bf458ab40c910e42e205ff055110cbc0504b9b12c0268a","ssdeep":"","tlshash":"1111029fa962b873a16fefc3b1bb149e80641c40b25d9a78fbdd0e355411c9830a915c","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.890242Z","times_seen":66,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5674.9412b35ec95e709c.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.635Z","timestamp":1739388867635,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /5674.9412b35ec95e709c.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-6ef9\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9454,"size_decoded":28409,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (28409), with no line terminators","md5":"fa9bdbc76c570b950e143da04282236a","sha1":"b6703d72e20a32e9bfa6a59ee7223d66ad7b6ea5","sha256":"48e7a9dd20799f926e0b7592b361878def09aac3b64a2a7d225c52506fc5f042","sha512":"2def794b9c7049b49a741b1464893ea993e84b01744b8dfaabe44545a9269fba333f4ba83d68f476a3488993bb9800d0dcf03af9bb831cb39db89c9b8bf6eee7","ssdeep":"768:gxhxRWAgXsaNqgFSdEClJxyf2ua2Z8HZsb:gxhxRe4gFSd5lWWZq","tlshash":"fcd20bf26a94983966ed4871e0523906922c5546a62f835cb77d6d8cafccf8f930337c","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.892132Z","times_seen":66,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3015.4b803307a08d7dba.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.644Z","timestamp":1739388867644,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /3015.4b803307a08d7dba.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-9bd2\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10437,"size_decoded":39890,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39890), with no line terminators","md5":"cece1c72fbbd59ff25448ffc2eabdf71","sha1":"d94d0606735ff408d732598e3cf77cdadc1a6572","sha256":"d40f1af995620500eb1e94323c2b60778d4016787fea3ed94f036a468a073d03","sha512":"ba4494ddfaa2728f7123615bd04b35ba3b532c0638d07f2fabb766e5ef38fc8df87f7a1e98925c5378be5f31182f435147b3bf6e1706f45e336acf79dc086fc9","ssdeep":"384:x0cbTRgt7b20g6GHnyu00KkiXn9Hi5gv772bjxicTJ65mfRj0cllVdl1uNDB+grS:x1Tw7b2Z6qL0VHiG772vYc4520UFeEz","tlshash":"f303e6479e0590f913e394b1fb6e0943866c8e45360e9098b6cc4decb6d9e8cb397738","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.89295Z","times_seen":66,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1554.23ecccff0ac20141.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.617Z","timestamp":1739388867617,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /1554.23ecccff0ac20141.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-17895\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26390,"size_decoded":96405,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"43ca0283421c4582b5c8066bc124251c","sha1":"2cbc97c4f1caf816230d24a13e6a98d231e55625","sha256":"6bb9a994a17207bbb1d82112e00c91f97854630c2bf61c134a3babc4cec5d889","sha512":"997d5703cb616ad5442c14e20a39d3655f97295738c896a3fe43c15630bf5b09d069b67665b3a2f8e593137383a7b568a68ea459341eda1eddc6cb05ee4694c3","ssdeep":"768:2ynGbBxaHISq1uw+Aob+Dv2P6leZa+bv0QtFSFQH7o7O2y0jFUkboOR4lwM2BkBA:2ynGbBxGWjGaQtoQejEk+EHWzpTy","tlshash":"1f930997ae10e0f953f54069e66e0903920c5d49a61e4068f7dc4edab3ac9cf77a3338","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.889589Z","times_seen":66,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":76,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/5562.e89aa1533b143913.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.648Z","timestamp":1739388867648,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /5562.e89aa1533b143913.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-13907\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19231,"size_decoded":80135,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8615dcc595e0b2e8422c4d67688cd94b","sha1":"2c94179d2dfaa8d535f465b5394f237a610e2624","sha256":"d5b6523d25a9b2238eb98fdb7aa2cd21931ebcb041ebc7d7071a8ae57a6eff77","sha512":"471b2a96d8b99e7bade77c5902ff7966c2047c7129cdb80947b752d91494bee92077952ba3b265c65550afc61f364e4c2fcf2336d58500ff837005a538708021","ssdeep":"768:8gUAwp51UDHpl0PQUem5t0ec1gAC1+eoh7J/dmvJIq7KBCXqGMxvaxPllCX5Xxz5:8lAwrXnb+eog5tsiv/0PocwjgwuiI","tlshash":"3173f8438f2264eed3f24115e3e61706861e9ea2a04f5564f5cccd8cbb8ce946367b38","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.893773Z","times_seen":66,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7011.821f48236a941cdd.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.666Z","timestamp":1739388867666,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /7011.821f48236a941cdd.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-31850\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":62151,"size_decoded":202832,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"74632ea23568783410b91a42b3b5869c","sha1":"3fce93e2a41731cd1b72033aff471576813a84fd","sha256":"ad327a4133ffef9e1b427a8434d38502e92f68fae2e9303af50925fdc28a7e37","sha512":"5ed9a6aa7530ef89aed99630df0ec60cf086c4b1cac1c17aadc199f08f38c340e548f275349124d8407055b0bca1bc0f4332608b6645421d00769561263c4263","ssdeep":"1536:K8ATwEnInuoJD4aWSrzw0XdKTClJNSJRE2ojYckhZqYXK2PDs9R/6QQXJt:1uoJkaWSA0ITCl+skhwZ6M615t","tlshash":"20142aa39690d0f963e2a4b07a6b4502b12d5c15662d816cf29c8ddcb2ecdcd727773c","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.895634Z","times_seen":66,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":114,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/3410.f3de76e9c2ccde42.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.661Z","timestamp":1739388867661,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /3410.f3de76e9c2ccde42.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-4ff4\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6311,"size_decoded":20468,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (20468), with no line terminators","md5":"6ae7d47cbe29865d42cf37e203fa2b97","sha1":"2b8dd6ee7c31d4988ab9494813dff53a28ad0d2d","sha256":"372ca66130ea63dfe1cab2d946a63d0abe5ca07befadd06ac24ab9b837e885ff","sha512":"8b64ec2387394bb287f5c299adb1e6a5b749d38a991f11a507876fab9debb02fd92411cb369607741706b40ff1cb3f4cb456ee134e7fbab51e7cb8176f46cdc5","ssdeep":"192:pbLjhvxmSnwWNh+BdNfd7vRW3F9NDZap04dfoez30buJL3oUvkq3KxcGalOiXNRZ:pvjh5mYVuMXsJ1vz30gfk4KwlzRKo","tlshash":"5c92d9a3da58c07cb3f85c69e5325f05f13a1e19751a422cf65dcc98a2c5ece2252377","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.894838Z","times_seen":66,"resource_available":true,"data":null}},"time_used":176,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":176,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7872.59f508be5b269384.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.646Z","timestamp":1739388867646,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /7872.59f508be5b269384.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-acd8\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11249,"size_decoded":44248,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (44248), with no line terminators","md5":"d891c2ac9330a7a2c95f232c1346dbb7","sha1":"6a6b6296feeb885ef543bd6b2d4064d370437878","sha256":"43074d8bf794a9b982f7aa93c95dfc0cb5ad30995870b80006553dad2fabe9fc","sha512":"bf5f39143f3236d8f8a600207a3e3aca686e68c1c762ba890dcc3d5487dde3757763babe049debe8b397f1276a3275038c2d873840f006f0752647391588f000","ssdeep":"768:zhZy9rfCX/p4xhrf6XZO0YGA8rf/XJ34KbWcrf2XstTX7VymPnrd/G54xZHu9uiF:CrfCXMrf6Xdjrf/XFrf2X+p/cuoF1rfh","tlshash":"c513e553995140ee17a7d0a1ba6f0643420c4d9a521ee49cf7cc4de9bacdd4cb3abb38","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.891473Z","times_seen":66,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7029.587d23f858ed84af.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.896Z","timestamp":1739388867896,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /7029.587d23f858ed84af.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-3e30\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4557,"size_decoded":15920,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15920), with no line terminators","md5":"e983689fac5dfbe5d9121d0abf844f8c","sha1":"860273d5e92831197006b202b869443d0c709bec","sha256":"78044160d98e953e7587aa42a747c18cd2826110a7a015ed26b38e2261800401","sha512":"ca7ffca6b4e7869059db20ac1cb6e6e5c6181762a3a92cfa7b0842afcc9387473d57fedad486b27e8cf732db9f8c22a63e6c3b608005690743ca35f1b3a083df","ssdeep":"384:5T5vJqT5vJSaBZjLH6C8p6DLMmYwYSUCYrMUzvJa7j5r/Dwx2zeb:5T5JqT5JSg1bxUsLZYwYSUCYrMUrKj5K","tlshash":"a56260c3ce60d0e4bbd7824267724d82970c4d46125f927bb9eb5c69329c94ab3a373d","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.898275Z","times_seen":66,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7687.16db09dc80554f98.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.900Z","timestamp":1739388867900,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /7687.16db09dc80554f98.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-9842\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13089,"size_decoded":38978,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (38978), with no line terminators","md5":"0b91b8310b218af44121c5d349129ed0","sha1":"ec0f0b3493824d0a3d788ef64a3129dd0765d0b0","sha256":"66a815f4c40c9397c47b6418d2f0d1a6d1317a2925c44f6cd4bef6d274310965","sha512":"f5d6a542990d8acc56fdfa75a8f2824ed6f339e8b754453d486e2f22608816e2c157b546df717a01f49b4950b948e1dd2b26ee36ae06d62e93d801ee5c041829","ssdeep":"768:g3bx/3bxvZ8X2Z9p2U7kTfYs9xABsz42KRvoyxOeFWqMFpwx0:g3bx/3bxeXXdM0","tlshash":"ae031c926a64d1f453c3a1a1f6661e02b31e4c8a621e806cf7ac9ccd779ddcc626373d","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.899109Z","times_seen":66,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/2012.bbaa4fd7ed564a81.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.905Z","timestamp":1739388867905,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /2012.bbaa4fd7ed564a81.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-3858\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5572,"size_decoded":14424,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14424), with no line terminators","md5":"44b8c1d76cefb577cbdf8433fe4fe409","sha1":"964b75a3fcb2f92fb72a9c1fde29bf77f0432ef9","sha256":"7b226e5fd7d4d1b2ea56d7e0db36281472c2bce4158bff9ded8d74fa5acfff10","sha512":"9703869507360f6fecf9e8ff7a588abf11bec2fe1fb415d706eb4cf0639fe421ee1b2ba6914870c55d16348d7866b9d6a6d7c31d23633f2b30892f8688bff387","ssdeep":"384:duoPsbUcv5HjDIfx0MvhglbljBVVqj5vJDZ0V++e:PkS0agZljBjqlVZ5","tlshash":"e3520a9aaa50a1ed43e390a2b5e3250b617c4d42a50d412cf2dcdddcf9a8d8db3a653c","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.896419Z","times_seen":66,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7512.5ee6ccf7f05214a7.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.903Z","timestamp":1739388867903,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /7512.5ee6ccf7f05214a7.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-81bf\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10145,"size_decoded":33215,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33215), with no line terminators","md5":"30d448baeb580cbe37a92df38d183bb9","sha1":"f61f83891cf9abf6f4cf53667e1edd7d6d56b24d","sha256":"cf9ef464361507d2946cbb7d65afc9b5f6290cd06beb46cf4569f0458715d618","sha512":"74c955dad0ca0cf5382e32f9a9cce7fae07e6812115f32ef918f52f6dfe9df1503f5dd2f3fb64a5fba563af33ffb4e2859320ab983c335639cf70c9c786f72fe","ssdeep":"768:CwQjj0D8/8qSyFPk5XIg/HSxdprgk0F1ArrWd8RUNvd5zEoAnYnpn6n2nLn+bW7x:HJolblM","tlshash":"54e2f962e94544e823e394d1a6662d02b19d4c96961d103cf2ec8cea76cddccb37bb3d","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.897535Z","times_seen":66,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/7898.4c1912c2d089c576.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.912Z","timestamp":1739388867912,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /7898.4c1912c2d089c576.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-7c5\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":915,"size_decoded":1989,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1989), with no line terminators","md5":"643c7d3abc6c5045aa2c0fea2d43fb49","sha1":"a00f776756d16802856c7d31e97e6c05ba2c39a2","sha256":"af491fd4800734a2b40b03c09b2de6e31ff6314da6eb14118417b1026d302744","sha512":"35f13faabac6ae4c74a8aecaab5f5d20101ba4f6c5ace96cffbdcf36a496ecfe81be41fcb0e8327cc8ecc3698add7f261dcfab605d19c34f67d33d4e09d4f68c","ssdeep":"","tlshash":"3d4133aee625a4f6d1ae8e4335b61cb5d0761804305c64bcfbbcc9b65342cc9205a73e","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.899723Z","times_seen":66,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/4768.6a433690d3d9ac30.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.919Z","timestamp":1739388867919,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /4768.6a433690d3d9ac30.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-6239\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7495,"size_decoded":25145,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (25145), with no line terminators","md5":"f9fe3e6042ecc770a8a5c917e886b115","sha1":"866e4632d0ed54e7a673b61d55b9f1d4af316a3d","sha256":"917eeec5d99c42ae37e57d7a6fa3bdb2dc83e1de82368313e87af49800a01315","sha512":"5a1a0a82e637ffdf6aeac7832505db9da8637ba9f4529864c8bd63566474668275693b1c5190087837e99386c52627f59ac00da94026e90009b02aae1c6ab860","ssdeep":"768:reNeM4mq5i1aGHAvbKZPL4goEQtBAggU7wZpf9eGs1K0qmuCBM:uZBZPL4goFOCy+y","tlshash":"07b2d961af50f3e953e6403286618e11f369d46465291229fb88cc887fdcf9a136b73f","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.902262Z","times_seen":66,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/1860.ec060c5f09a57b61.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.926Z","timestamp":1739388867926,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /1860.ec060c5f09a57b61.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-100dc\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18158,"size_decoded":65756,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"9ddf9bf6483738c674928297bc8b3939","sha1":"048f596005a093e3c74d13e4a8f60250716dbdaf","sha256":"a35731877d87769c275c16b6acf862b605e081bd986c97f13423820ff32a04b8","sha512":"f9cc8b66639191cf6392be33419da92bdc25cbc3c74b4c71c3d9f4fd2ad38d4c7d1e566f2fd727016bf62c2c747e40d08cfe1709d386e2537e8d8b01b1e7d518","ssdeep":"768:j4JMxzsCdXytQbccJR8PGuIqIGUeizdqYg9iQHzuw0Js:2+6Q/s","tlshash":"d853d703ba65a0f413bb9462e76d0e03c22d4d97291d9425f39c8ed57f9c85c33ab639","first_seen":"2024-01-28T22:38:21Z","last_seen":"2025-02-20T17:52:24.900456Z","times_seen":66,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/185.ca471c987675af5c.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.923Z","timestamp":1739388867923,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /185.ca471c987675af5c.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-8660\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11035,"size_decoded":34400,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (34400), with no line terminators","md5":"06f3d0caec40894490885c429f2a1b73","sha1":"0edeaf80d31f0cf7321d53d05745f7e84183224b","sha256":"f81ab00a6dcc58f2ee563fd139bc8319bee0e68a146ef35e7c3090e67a0b55d9","sha512":"159b54a66ae189db455b6c51d725f07042ad1d473e4a0b7fad93fbb0156a298e8efca94880d98921b663be9dc1457baa108bdb6e1a77973d7ea207d4898303a2","ssdeep":"768:8TPB1b/Ex3aP2RCzUQoXKf/yruOeCnbwn7nBN0yOv/Ssu2sFxlE:2/Ydi/yru1TF0","tlshash":"14f2e78baa1050f813d78071b66a1607a27cdc09661da058f6dc9dcdb3de9cd72e7a3c","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.901348Z","times_seen":66,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":35,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/4837.c3520bb1e281da12.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.929Z","timestamp":1739388867929,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /4837.c3520bb1e281da12.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-ee8e\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17162,"size_decoded":61070,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (61070), with no line terminators","md5":"ad0cd8b606d3a0ff0300d910c1cfd212","sha1":"d1b24ecc8ccf05e00885b2db3c736ac87f859cb0","sha256":"cd443ade3e638fbf166854d0ce6b261d27675e94f72acb6be69d8625ca180c3f","sha512":"06a44cfc32247bb073cde4ccda0c7bc2ca8e96dbd2e5d36f0e13fa5d5ae4da79d8b6c50eb92121fc7935e00d9a27600f89a94dea09b37f20dfcaa981547a86e4","ssdeep":"768:yzowTU1qvzcgsudQQm3A3e3t/3CgY/efeDMQE0M13LTfkuUwZudkY808WQWodKbk:uUceUGt/3Cd/L+MtjHTpVDNO4Cy4","tlshash":"3953d8a3871081ec63d7c460a35a6607932d9c56a20a9558f6eccdbcb7cd6cdb2d3339","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.903081Z","times_seen":66,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/187.fdfb40bcfbe38d0e.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.930Z","timestamp":1739388867930,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /187.fdfb40bcfbe38d0e.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-314e\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4213,"size_decoded":12622,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12622), with no line terminators","md5":"43d17eb4faa77d674622187dc6ddec89","sha1":"0c5b3225b03110098ab04b0401e1be8df43f6731","sha256":"4192a4ddec2939a99166ba30dadf75c13bf62bca3fffe307a63e2b83ff6dee1f","sha512":"c34cc477f556c4e816e5109e00e997bde19f6eb78024ce3025d28d13727031309a1253d2e46643db42219a102a019a1e27566e07552b2441e9dff14114cca89e","ssdeep":"192:u9MD1u+Nen74e9MOjkPxZY6aVx5+rCzxsF/jL+v+NVYBN4mUJYPJFo/J:u9wu+Nen74e9L4PxZY6aVh+kvagN06ox","tlshash":"504297218e21c03592b714eaf7a60e41a57d344a615a0478f38c8e9937edddf33af729","first_seen":"2024-01-28T22:38:20Z","last_seen":"2025-02-20T17:52:24.904076Z","times_seen":66,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":39,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/4539.615219b3de3cc9b6.js","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:27.934Z","timestamp":1739388867934,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /4539.615219b3de3cc9b6.js HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:27 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:40 GMT\r\nETag: W/\"661cf03c-131e9\"\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22439,"size_decoded":78313,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c21094a951e0f6200177b6003855e307","sha1":"d659ff729714b645221b20a821ba419497a6ded9","sha256":"c7e1344c201e9b088d48d0c137da4e61d87077a97a735bb5ec736a52acc7e0e8","sha512":"e7c001a25eb9b5c64214a31dd779acd77ee4b006d1d18d975d195d60d2ef26539b8bee8ad48a90137149f021cc23e27d786b587956e46a59a4db621069a98cd9","ssdeep":"1536:Ah4ANVC6s9QAarzzyalLh/CCA52JYpeisVmf:AXDAarzzyc/1AUJbmf","tlshash":"0e73da63965081fc63d79461b3b62a03923d9c5da20e8158f2dc8dd8f78da8de397339","first_seen":"2024-01-28T22:38:19Z","last_seen":"2025-02-20T17:52:24.904847Z","times_seen":66,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/api/v2.0/users/current","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:32.320Z","timestamp":1739388872320,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /api/v2.0/users/current HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 401 Unauthorized\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:32 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 62\r\nConnection: keep-alive\r\nSet-Cookie: _gorilla_csrf=MTczOTM4ODg3MnxJbU54UzNwQ01VVmlMMVpqZWtGM1IzaFBja1pvUldGblVFRnRaelJEVjFCYWEyRkdiM2xxVUhoWGFWRTlJZ289fEGUbLNq8Ihqwf2u7VcNgewRwrWiVjaUPsRTjNrlmZyV; Path=/; Secure; Expires=Thu, 13 Feb 2025 07:34:32 GMT; Max-Age=43200; HttpOnly; Secure; SameSite=Strict\r\nVary: Cookie\r\nX-Harbor-Csrf-Token: jd1XPEcyYn9WapgLSaRpUoqgwsZU+mGwjtFgqopguVT/f+Q7FimfKGVpmbpzFQhDIq/ArmzzAmkfcAhguZHjcA==\r\nX-Request-Id: 8efae7ef-1d63-464b-bb2e-4ba52859a79e\r\n","headers":null,"cookies":null,"status_code":"401","status_text":"Unauthorized","fingerprints":null,"data":{"size":62,"size_decoded":62,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"de88478b6be2cff11e6aaed8ca720ceb","sha1":"9d29a961f2b9dd996e0c0537124dc1b84ace8b53","sha256":"54fc5c267545e923953d12079168a9d65feb8d01446e9ad639f933698cf4e61d","sha512":"b40a792db7cd0043349749b0c527e2446cecb61b44aa201bad9c88b0ead4a8450b4cfd26f08ccd9d9c9e2db8310908040cefdd673fb7df3729e914088c4795f9","ssdeep":"","tlshash":"e2a0220282080c332b02002c3a0c202008e8802002c008008c2a828c0b03cac0802808","first_seen":"2023-06-14T16:37:58Z","last_seen":"2025-11-03T02:53:43.458158Z","times_seen":79,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/api/v2.0/users/current","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:32.320Z","timestamp":1739388872320,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /api/v2.0/users/current HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/bins/sora.arm7\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16; _gorilla_csrf=MTczOTM4ODg3MnxJbU54UzNwQ01VVmlMMVpqZWtGM1IzaFBja1pvUldGblVFRnRaelJEVjFCYWEyRkdiM2xxVUhoWGFWRTlJZ289fEGUbLNq8Ihqwf2u7VcNgewRwrWiVjaUPsRTjNrlmZyV\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 401 Unauthorized\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:32 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 62\r\nConnection: keep-alive\r\nVary: Cookie\r\nX-Harbor-Csrf-Token: Wu6EdzPt16qlJKtOwQ3RV5pcMBfjfSe3co9EoRLpJYAoTDdwYvYq/ZYnqv/7vLBGMlMyf9t0RG7jLixrIRh/pA==\r\nX-Request-Id: 16078215-4ca9-4e84-9af9-21540af5a489\r\n","headers":null,"cookies":null,"status_code":"401","status_text":"Unauthorized","fingerprints":null,"data":{"size":62,"size_decoded":62,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"de88478b6be2cff11e6aaed8ca720ceb","sha1":"9d29a961f2b9dd996e0c0537124dc1b84ace8b53","sha256":"54fc5c267545e923953d12079168a9d65feb8d01446e9ad639f933698cf4e61d","sha512":"b40a792db7cd0043349749b0c527e2446cecb61b44aa201bad9c88b0ead4a8450b4cfd26f08ccd9d9c9e2db8310908040cefdd673fb7df3729e914088c4795f9","ssdeep":"","tlshash":"e2a0220282080c332b02002c3a0c202008e8802002c008008c2a828c0b03cac0802808","first_seen":"2023-06-14T16:37:58Z","last_seen":"2025-11-03T02:53:43.458158Z","times_seen":79,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91.198.77.215/images/harbor-logo.svg","fqdn":"91.198.77.215","domain":"91.198.77.215","tld":""},"ip":{"addr":"91.198.77.215","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91.198.77.215/bins/sora.arm7","date":"2025-02-12T19:34:32.664Z","timestamp":1739388872664,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vplat.ir","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sun, 10 Nov 2024 09:49:04 GMT","end":"Mon, 10 Nov 2025 09:49:03 GMT"},"fingerprint":{"sha1":"0C:DC:72:E7:42:20:28:4E:36:41:55:86:07:53:D4:3C:48:50:C4:C3","sha256":"8B:AA:ED:D9:55:E9:ED:5E:2B:9D:56:47:18:5C:B0:18:94:3E:CB:6D:15:1D:7E:AC:8B:68:B0:77:0A:FF:52:B7"}}},"request":{"raw":"GET /images/harbor-logo.svg HTTP/1.1\r\nHost: 91.198.77.215\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91.198.77.215/account/sign-in?redirect_url=%2Fharbor%2Fprojects\r\nCookie: sid=991f3fa16770820f663f1d07fc224c16; _gorilla_csrf=MTczOTM4ODg3MnxJbU54UzNwQ01VVmlMMVpqZWtGM1IzaFBja1pvUldGblVFRnRaelJEVjFCYWEyRkdiM2xxVUhoWGFWRTlJZ289fEGUbLNq8Ihqwf2u7VcNgewRwrWiVjaUPsRTjNrlmZyV\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 12 Feb 2025 19:34:32 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 1797\r\nConnection: keep-alive\r\nLast-Modified: Mon, 15 Apr 2024 09:15:42 GMT\r\nETag: \"661cf03e-705\"\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1797,"size_decoded":1797,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c583d3a970431375e843ca36cf876471","sha1":"2846289a8a01fa42ec966aa324f3e547a645c4db","sha256":"7da700c426c021104b12a8c44c1b84df207cc7275be384b51aae31a99f4ea450","sha512":"e7e7e13e71feb920075efa8e926ca58092bb0cc581b4e06c282479dfe40620587b4d122b334ea01f8d7a716242831ee724cf9e756d69e68a24a539c7f6a36f99","ssdeep":"","tlshash":"0e3138a381413e93a11406f5839121e5f68ff875a6123e8c45e1ab70af13e1bb2bc48b","first_seen":"2023-06-14T16:37:58Z","last_seen":"2025-11-03T02:53:43.524222Z","times_seen":115,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-12","alert":"Sinkholed","trigger":"91.198.77.215","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}