{"report_id":"ed216c89-9028-4dfa-8e1d-c87bc704c554","version":6,"status":"done","tags":[],"date":"2025-11-20T18:10:15Z","url":{"schema":"https","addr":"t.co/b0IMj2vjYM","fqdn":"t.co","domain":"t.co","tld":"co"},"ip":{"addr":"172.66.0.227","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"rnlgjbbi2v.cc/.njn6RxDz/.N5Szx45tfG/Ar4x3Szoup9.html","fqdn":"rnlgjbbi2v.cc","domain":"rnlgjbbi2v.cc","tld":"cc"},"title":"404 Not Found","dom":{"size":264,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"5180d5f051c4b56c0878020c49ee0cac","sha1":"1ccc302c3b4039cc8c5605e76faa4ee1aab81f8f","sha256":"a775e3a167a1b367a9ce665e0b0e755e92a6ded6be9460bd750be67655e98915","sha512":"9a963874428db4e1a5a68e6a0e00e3c8fbdfb440e9096f9623c968c3daa51b98b3e29a1f1c189ab31209a93cf5c467bb9c342c7f9e4064532fde2ba519fdc26e","ssdeep":"","tlshash":"39d0954f4147330b442053607dc01151d549332a3531a1b53a8594bf500dc2dc8e77dc","dom_hash":"domhash1bcc6c7745f5fa565ef63bd1933dfd7a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"t.co/b0IMj2vjYM","fqdn":"t.co","domain":"t.co","tld":"co"},"ip":{"addr":"172.66.0.227","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-25T18:10:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-20T18:09:54Z","timestamp":1763662194,"ip_dst":{"addr":"172.18.0.21","port":44898,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"78.159.156.127","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 10","source":"{\"timestamp\":\"2025-11-20T18:09:54.458875+0000\",\"flow_id\":818523483069364,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"78.159.156.127\",\"src_port\":443,\"dest_ip\":\"172.18.0.21\",\"dest_port\":44898,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400009,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 10\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2025-11-20T18:09:54.252852+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"rnlgjbbi2v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"rnlgjbbi2v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"rnlgjbbi2v.cc","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-11-04","domain_rank":0,"first_seen":"2025-11-08T13:13:39.067649Z","last_seen":"2025-11-20T10:13:49.893392Z","alert_count":6,"request_count":3,"received_data":1031,"sent_data":1559,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"t.co","ip":{"addr":"162.159.140.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2010-04-26","domain_rank":232,"first_seen":"2012-07-25T19:09:44Z","last_seen":"2025-11-17T08:39:16.339678Z","alert_count":0,"request_count":2,"received_data":2611,"sent_data":1167,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-20T18:09:54Z","timestamp":1763662194,"ip_dst":{"addr":"172.18.0.21","port":44898,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"78.159.156.127","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 10","source":"{\"timestamp\":\"2025-11-20T18:09:54.458875+0000\",\"flow_id\":818523483069364,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"78.159.156.127\",\"src_port\":443,\"dest_ip\":\"172.18.0.21\",\"dest_port\":44898,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400009,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 10\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2025-11-20T18:09:54.252852+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"t.co/b0IMj2vjYM","fqdn":"t.co","domain":"t.co","tld":"co"},"ip":{"addr":"162.159.140.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-20T18:09:53.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"t.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 11:16:13 GMT","end":"Fri, 13 Feb 2026 11:16:12 GMT"},"fingerprint":{"sha1":"21:5E:49:8B:6E:47:BC:50:8A:2C:13:39:54:FA:AA:2A:5E:2A:5D:3C","sha256":"76:5D:64:03:57:50:37:2E:A3:48:F7:11:DB:3E:63:60:92:0F:A2:8F:80:62:40:D7:A2:F4:E8:81:EA:9A:90:40"}}},"request":{"raw":"GET /b0IMj2vjYM HTTP/1.1\r\nHost: t.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 20 Nov 2025 18:09:54 GMT\r\ncontent-type: text/html; charset=utf-8\r\nperf: 7402827104\r\nvary: Origin, accept-encoding\r\nserver: cloudflare envoy\r\nexpires: Thu, 20 Nov 2025 18:14:53 GMT\r\ncache-control: private,max-age=300\r\nx-transaction-id: 0b34e9e689db5fe6\r\nx-xss-protection: 0\r\nx-response-time: 12\r\norigin-cf-ray: 9a19e6a7a8d51ae6-OSL\r\nstrict-transport-security: max-age=631138519; includeSubdomains\r\nx-served-by: t4_a\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: gzip\r\nset-cookie: muc=de0cfdc0-4068-4061-a6b1-4ddcd1fc8184; SameSite=None; Secure; Domain=t.co; Max-Age=34214400; Expires=Mon, 21 Dec 2026 18:09:53 GMT\n__cf_bm=3lqiDRmnxhQR9.tKzCPZDQtvqfAQu.CEsb.POzq6uAA-1763662193.8642614-1.0.1.1-ADDS7Vt13mJOrFqh4hQBpj4v43mAO.ZDLLnzo_fYmqLmOp.JZZ5PMsAlhreW4f_rIuhIHIWTTk5V5YVEm1R0Vql8p1fuluoLALTWQvT.teuID0yPLZ6RnqoTKFQoXqLO; HttpOnly; Secure; Path=/; Domain=t.co; Expires=Thu, 20 Nov 2025 18:39:54 GMT\r\ncf-ray: 9a19e6a7a8d51ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":337,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (337), with no line terminators","md5":"bd523d0242b380621923829e0f50ec9a","sha1":"12212d187a73ba04db1a616b51c414f90bd4920a","sha256":"55a2c1edf956b7e3f68550b81416ded4dd8740da6edcde6520077c7b65012252","sha512":"1c0b1a87449033f35e38cd9eff9ed1e815fb663ff81decaac7dbba003a6a9d5ed364870b010dd18fe3051232d85ec110f9c99149f7d8e506f2ab2762420c5aa2","ssdeep":"","tlshash":"a0e086d31e29dc03c5a7d6c051b076fc34755509aad2da619840386483246f5ee9a0d3","first_seen":"2025-11-08T13:13:43.125906Z","last_seen":"2025-11-20T18:10:15.936698Z","times_seen":35,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":13,"dns":3,"connect":1,"send":0,"wait":172,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rnlgjbbi2v.cc/.njn6RxDz/.N5Szx45tfG/Ar4x3Szoup9.html","fqdn":"rnlgjbbi2v.cc","domain":"rnlgjbbi2v.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-20T18:09:54.231Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /.njn6RxDz/.N5Szx45tfG/Ar4x3Szoup9.html HTTP/1.1\r\nHost: rnlgjbbi2v.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t.co/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":445,"timings":{"blocked":0,"dns":24,"connect":206,"send":0,"wait":0,"receive":0,"ssl":212},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"rnlgjbbi2v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"rnlgjbbi2v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t.co/favicon.ico","fqdn":"t.co","domain":"t.co","tld":"co"},"ip":{"addr":"162.159.140.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t.co/b0IMj2vjYM","date":"2025-11-20T18:09:54.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"t.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 11:16:13 GMT","end":"Fri, 13 Feb 2026 11:16:12 GMT"},"fingerprint":{"sha1":"21:5E:49:8B:6E:47:BC:50:8A:2C:13:39:54:FA:AA:2A:5E:2A:5D:3C","sha256":"76:5D:64:03:57:50:37:2E:A3:48:F7:11:DB:3E:63:60:92:0F:A2:8F:80:62:40:D7:A2:F4:E8:81:EA:9A:90:40"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: t.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t.co/b0IMj2vjYM\r\nCookie: muc=de0cfdc0-4068-4061-a6b1-4ddcd1fc8184; __cf_bm=3lqiDRmnxhQR9.tKzCPZDQtvqfAQu.CEsb.POzq6uAA-1763662193.8642614-1.0.1.1-ADDS7Vt13mJOrFqh4hQBpj4v43mAO.ZDLLnzo_fYmqLmOp.JZZ5PMsAlhreW4f_rIuhIHIWTTk5V5YVEm1R0Vql8p1fuluoLALTWQvT.teuID0yPLZ6RnqoTKFQoXqLO\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 20 Nov 2025 18:09:54 GMT\r\ncontent-type: image/x-icon\r\nperf: 7402827104\r\nserver: cloudflare envoy\r\ncache-control: no-cache, no-store, max-age=0\r\nx-transaction-id: ba89a32d7f5526e1\r\nx-response-time: 2\r\norigin-cf-ray: 9a19e6aaad071ae6-OSL\r\nstrict-transport-security: max-age=631138519; includeSubdomains\r\nx-served-by: t4_a\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: gzip\r\nset-cookie: __cf_bm=Lq1RnphKdYa9D9U8xWU_3Ypf3z1xfr5pMHnD8eirwzc-1763662194.3470802-1.0.1.1-.DRA9b6pjhymzW0JnGut0e6WQyZGtCuxf0VDtA3rIlxcl2HyhwGgUaAaT2Fk0SkSy8ss7LWZZu85JbYrvwse70TEo1vllbk8P_UwBnTY7J6BcmV67bWq6lsYeNebhty0; HttpOnly; Secure; Path=/; Domain=t.co; Expires=Thu, 20 Nov 2025 18:39:54 GMT\r\ncf-ray: 9a19e6aaad071ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":549,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"9d99a2372bbd5b28ef4b2eaecac8c805","sha1":"6503a35c95cdf2d08ed83e17ae81c8b0e58f49c2","sha256":"cc4939af5d16855f2bea8322dbf33461ebc6bfd092fa3e2291d87d3d83ebd8ed","sha512":"7efba58d391137ea50c0ed95025316e404ce8fed549c386f2d3316d91797cd39e5447db9b0ffdb0ebadbaf1f38766743603c140b8dfb956eccc144aa78cff766","ssdeep":"","tlshash":"06f0eb835322f47ce2c32a41b646d0fce92a472a085c4c0c032da5ba9a5195c9e4b068","first_seen":"2023-07-25T15:05:02Z","last_seen":"2026-04-05T02:14:15.633986Z","times_seen":5710,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rnlgjbbi2v.cc/.njn6RxDz/.N5Szx45tfG/Ar4x3Szoup9.html","fqdn":"rnlgjbbi2v.cc","domain":"rnlgjbbi2v.cc","tld":"cc"},"ip":{"addr":"78.159.156.127","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-20T18:09:55.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"get-info.im","organization":""},"issuer":{"commonName":"get-info.im","organization":""},"validity":{"start":"Sat, 01 Nov 2025 02:42:13 GMT","end":"Sun, 01 Nov 2026 02:42:13 GMT"},"fingerprint":{"sha1":"EC:3C:FB:B9:08:13:FF:45:B1:1F:C1:34:93:93:0A:A6:A9:6D:14:DA","sha256":"C0:1D:F3:3B:80:F8:12:84:E3:04:A0:E4:9A:99:5E:03:85:45:95:02:59:93:F0:E2:E2:E2:1E:F2:DE:F2:AC:EE"}}},"request":{"raw":"GET /.njn6RxDz/.N5Szx45tfG/Ar4x3Szoup9.html HTTP/1.1\r\nHost: rnlgjbbi2v.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://t.co/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 20 Nov 2025 18:09:55 GMT\r\nServer: Apache\r\nContent-Length: 315\r\nKeep-Alive: timeout=2, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"a34ac19f4afae63adc5d2f7bc970c07f","sha1":"a82190fc530c265aa40a045c21770d967f4767b8","sha256":"d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3","sha512":"42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765","ssdeep":"","tlshash":"b0e0e75f41473347402252907dc110d1d505236b797161fd3d85b4ab501dc3dc99f7dc","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-04-05T14:45:23.016856Z","times_seen":143778,"resource_available":true,"data":null}},"time_used":1052,"timings":{"blocked":422,"dns":1,"connect":204,"send":0,"wait":207,"receive":0,"ssl":215},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"rnlgjbbi2v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"rnlgjbbi2v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rnlgjbbi2v.cc/favicon.ico","fqdn":"rnlgjbbi2v.cc","domain":"rnlgjbbi2v.cc","tld":"cc"},"ip":{"addr":"78.159.156.127","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rnlgjbbi2v.cc/.njn6RxDz/.N5Szx45tfG/Ar4x3Szoup9.html","date":"2025-11-20T18:09:56.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"get-info.im","organization":""},"issuer":{"commonName":"get-info.im","organization":""},"validity":{"start":"Sat, 01 Nov 2025 02:42:13 GMT","end":"Sun, 01 Nov 2026 02:42:13 GMT"},"fingerprint":{"sha1":"EC:3C:FB:B9:08:13:FF:45:B1:1F:C1:34:93:93:0A:A6:A9:6D:14:DA","sha256":"C0:1D:F3:3B:80:F8:12:84:E3:04:A0:E4:9A:99:5E:03:85:45:95:02:59:93:F0:E2:E2:E2:1E:F2:DE:F2:AC:EE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rnlgjbbi2v.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rnlgjbbi2v.cc/.njn6RxDz/.N5Szx45tfG/Ar4x3Szoup9.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 20 Nov 2025 18:09:56 GMT\r\nServer: Apache\r\nContent-Length: 315\r\nKeep-Alive: timeout=2, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"a34ac19f4afae63adc5d2f7bc970c07f","sha1":"a82190fc530c265aa40a045c21770d967f4767b8","sha256":"d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3","sha512":"42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765","ssdeep":"","tlshash":"b0e0e75f41473347402252907dc110d1d505236b797161fd3d85b4ab501dc3dc99f7dc","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-04-05T14:45:23.016856Z","times_seen":143778,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"rnlgjbbi2v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"rnlgjbbi2v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}