{"report_id":"f8fb1677-4cc0-4041-a7c6-4b6d64c55257","version":6,"status":"done","tags":[],"date":"2025-12-30T13:43:47Z","url":{"schema":"http","addr":"obmenvsem.com/info.php?id=5220386","fqdn":"obmenvsem.com","domain":"obmenvsem.com","tld":"com"},"ip":{"addr":"82.192.80.133","port":0,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/info.php?id=5220386","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"title":"82-ALA-Melissa-S33-083.jpg () - скачать на мобильный телефон","dom":{"size":2742,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2653)","md5":"ba84d0d241f219bdc388b04a61b04580","sha1":"44553d38f491c074196729a29b8dd05f938c1589","sha256":"f6ab5f2d27bc1104bc8a935c1e147a8f4d7812dc16664a85fa9901556c164e4f","sha512":"2f9dd91fe05df5d34f893c561ab70132b82c90574c3c48374b51a489d9cd951d708c487380159165d9de60cfb5bc4070fac31e968455b0554f6b516113dc38bc","ssdeep":"","tlshash":"b251d8ff734a74264f4150e6103f9304e47b9014b959c941ed99b8d05d78aef43b2dac","dom_hash":"domhash48ac854a4779f478aeefcee14490c06d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"obmenvsem.com/info.php?id=5220386","fqdn":"obmenvsem.com","domain":"obmenvsem.com","tld":"com"},"ip":{"addr":"82.192.80.133","port":0,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-03T13:43:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"hdbkome.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"sasisa.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"obmenvsemfilesec.com","ip":{"addr":"82.192.80.149","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-10-18","domain_rank":0,"first_seen":"2025-11-05T02:42:46.868919Z","last_seen":"2025-12-16T06:18:54.713702Z","alert_count":0,"request_count":3,"received_data":16593,"sent_data":1488,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"hdbkome.com","ip":{"addr":"31.220.27.135","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-06-02","domain_rank":128894,"first_seen":"2023-06-16T11:48:40Z","last_seen":"2025-12-30T10:48:56.645688Z","alert_count":4,"request_count":4,"received_data":26313,"sent_data":2344,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ru2.obmenvsem.cc","ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-11-01","domain_rank":0,"first_seen":"2025-12-30T13:43:48.574597Z","last_seen":"2025-12-30T13:43:48.574598Z","alert_count":0,"request_count":11,"received_data":1018782,"sent_data":5881,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tsyndicate.com","ip":{"addr":"136.243.90.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2017-03-08","domain_rank":1289,"first_seen":"2017-03-16T09:04:54Z","last_seen":"2025-12-30T09:00:06.692779Z","alert_count":0,"request_count":1,"received_data":855,"sent_data":503,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.pncloudfl.com","ip":{"addr":"172.66.165.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-04-20","domain_rank":95245,"first_seen":"2021-06-07T14:28:03Z","last_seen":"2025-12-26T02:03:47.806178Z","alert_count":0,"request_count":3,"received_data":17626,"sent_data":1461,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"rkgwzfwjgk.com","ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2023-03-06","domain_rank":637113,"first_seen":"2023-03-06T09:55:17Z","last_seen":"2025-12-30T10:03:09.546999Z","alert_count":4,"request_count":4,"received_data":206998,"sent_data":4183,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"openrtb.tds.bid","ip":{"addr":"85.202.195.162","port":443,"asn":48716,"as":"PS Internet Company LLP","country":"Kazakhstan","country_code":"KZ"},"domain_registered":"2022-07-21","domain_rank":0,"first_seen":"2025-11-27T16:51:28.145531Z","last_seen":"2025-12-25T20:42:34.658335Z","alert_count":0,"request_count":1,"received_data":192,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sasisa.org","ip":{"addr":"85.17.28.52","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2008-06-10","domain_rank":502253,"first_seen":"2014-03-11T18:44:55Z","last_seen":"2025-12-18T00:29:07.579051Z","alert_count":1,"request_count":1,"received_data":522,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"obmenvsem.com","ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-11-21","domain_rank":0,"first_seen":"2025-12-21T10:04:38.909299Z","last_seen":"2025-12-21T10:04:38.909299Z","alert_count":0,"request_count":1,"received_data":66345,"sent_data":501,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"kuolkoola.com","ip":{"addr":"172.67.195.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-03-20","domain_rank":47044,"first_seen":"2025-05-08T22:43:24.287422Z","last_seen":"2025-12-25T07:23:31.875186Z","alert_count":0,"request_count":2,"received_data":5577,"sent_data":1057,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ds2.obmenvsemfilesec.com","ip":{"addr":"85.17.28.50","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-10-18","domain_rank":0,"first_seen":"2025-11-05T20:11:41.144916Z","last_seen":"2025-12-25T16:43:09.799857Z","alert_count":0,"request_count":1,"received_data":71487,"sent_data":500,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"s.uuidksinc.net","ip":{"addr":"31.220.27.155","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2015-05-05","domain_rank":47808,"first_seen":"2015-07-20T12:00:35Z","last_seen":"2025-12-25T05:57:49.916294Z","alert_count":0,"request_count":1,"received_data":544,"sent_data":509,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"uuidksinc.net","ip":{"addr":"31.220.27.155","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2015-05-05","domain_rank":6184,"first_seen":"2015-05-31T08:43:35Z","last_seen":"2025-12-25T20:42:34.787488Z","alert_count":0,"request_count":1,"received_data":3122,"sent_data":581,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tuhesok.com","ip":{"addr":"88.208.46.49","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-07-31","domain_rank":758811,"first_seen":"2024-08-14T15:26:51Z","last_seen":"2025-12-21T10:04:39.698719Z","alert_count":0,"request_count":1,"received_data":44039,"sent_data":409,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"clobberprocurertightwad.com","ip":{"addr":"94.242.247.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2024-05-17","domain_rank":52289,"first_seen":"2024-05-19T00:25:09Z","last_seen":"2025-12-29T09:46:25.224165Z","alert_count":0,"request_count":4,"received_data":164114,"sent_data":3069,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"rkgwzfwjgk.com/i/npage/1861886/code.js","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b12ecfd0f59565fe7d516584b6f1c0c","sha1":"0449b41a72f22aca7dd0d54d23382548871e53b8","sha256":"4e203fe065e5f8ab832c996f3afc82c5d8789d10913f09a621fad923d5950961","sha512":"de178f8951cc078d3f83d6127b36bafb4f9c4bb4d3faf5344f50cb12410646bae755307accf0de626d6d80ef39f76f5999d1880e1aa664b543e6a899d0073771","ssdeep":"1536:mUwGREVfFa9EmpdpvWdNpFuQHKXr8QyZBdgmZzIF+qS16v4ApZXvRIIxrS06IBuO:mUgtk4v+IzxqS38/RTrPB5+k","tlshash":"d614819ce95c2cf68182903ed82f4d0e5365d4e1d1ce4264caf2cbf547b8e279239a79","size":193505,"data":"","first_seen":"2025-12-30T13:43:52.720894Z","last_seen":"2026-01-04T05:56:58.489073Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"clobberprocurertightwad.com/get/1894290?zoneid=1894290\u0026jp=_clukhhpkntlfrfzijrhqjs\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=Aq02YSuaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=2086133647105024\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pkw=0\u0026pload=913\u0026rlp=%5B0%2C35%2C204%2C140%2C3212%2C2143%2C555%2C1996%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0","fqdn":"clobberprocurertightwad.com","domain":"clobberprocurertightwad.com","tld":"com"},"ip":{"addr":"94.242.247.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"aa0f86dba6a06ada572a73d9910af5af","sha1":"47660562ae1ca0c45c55c2a75dcc5e5710e72d61","sha256":"61a243ccede379897b3006ff6188960635b115513bb02772d312709d8ac1ef87","sha512":"ba88486065684174a583f70482c5f757dc98570f377b63ea927e14af5f86b682fc34c68e6920191da249a47d7c32dbccbd35809e23eee4912a1b3ae63fed40bb","ssdeep":"","tlshash":"a97163d89057d96358451df257fcae8f396ac4254b8f99e5fa9c8b79103c0bf8300813","size":3545,"data":"","first_seen":"2025-12-30T13:43:52.747893Z","last_seen":"2025-12-30T13:43:52.747893Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/get/1861886?zoneid=1861886\u0026jp=_clxupsynckwjolugbcdmmq\u0026dr=102\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=mt6oSSQaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=2930558577218560\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pkw=0\u0026pload=1148\u0026rlp=%5B0%2C35%2C204%2C140%2C4726%2C2698%2C583%2C2551%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0\u0026freq=0","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"02de454c51047d3cf82b6344e3ddaa0d","sha1":"002945ebfcd4b3bda51820eda4514ebb977ee360","sha256":"6ce0a652b98a84e77b651d32843fce73b6457136f3858e1354d99996208ef5e6","sha512":"2f7be747af7e2f3daba6c5b28fa6503567ce9cecc058a6e0f761967b0e73ed9a9379192df91a9da4410d22ef4f6d00bd70518212527ea3b4fa4049ff921cfa37","ssdeep":"192:uMByOg9EWJNm2TRutNvpvkctR21mX5ejOV1NfK:T6urpcctSOlK","tlshash":"89027c899890ce92d5c95d0b903e8f3d79c20c7f8c3f866291a5dc0798153f2ecab5e2","size":8806,"data":"","first_seen":"2025-12-30T13:43:52.724025Z","last_seen":"2025-12-30T13:43:52.724025Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/info.php?id=5220386","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"4707ec7078208cd5a5c50961d3d02063","sha1":"738077e99708a8bbb147698210ee67b5e69b030b","sha256":"cef47e5d46f989961065e415fe84f05e26c7f4a2137bdefc1ccbbe9c20bbfdbb","sha512":"a8d9e911efce3e1e2cbf321f89696315a22fdcdf2e486efb16edb1c54b5bdfba06c3409be84f91a4b76851ae2667c62aba6b4f87d18b3ab11c5dd36f00d3a507","ssdeep":"","tlshash":"b221639759419eb0eefbf07a743fc3de78f00915d8128101e7ac4c48d6a8e4f3052058","size":1139,"data":"","first_seen":"2025-12-30T13:43:52.759352Z","last_seen":"2025-12-30T13:43:52.759352Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/static/new/js/main.js","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"8d257a979132a6cd272e6072a81747d1","sha1":"655d47cababf48fe99e0a149602c9d5f1b0d105e","sha256":"fa485a2a4611dfcd82c2ca21eec1a78d3a1ab492862d6e56bc0526865337fcd4","sha512":"010fedbeadbd89e8e48d1021f63deab783b4581759597f9560341abe57a46876da6c82d4cdbb980e5f8d8eb995d97579c9b1618d2cc1e46114a94ed32025796a","ssdeep":"12288:rSB7qB7WKK4aIiuyW+aux8HNhvu/m2mVrd7y:rSB7qB7mIiusx8HN8/m2mRd7y","tlshash":"78d42ac87281742247d7b0b5502f520ab23a9969580dc16cf62df9d52fb8e4de23bf78","size":624805,"data":"","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.892415Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"clobberprocurertightwad.com/aas/r45d/vki/1894290/b6f7a362.js","fqdn":"clobberprocurertightwad.com","domain":"clobberprocurertightwad.com","tld":"com"},"ip":{"addr":"94.242.247.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"7b78cb008efc792638eb5ccac72169e0","sha1":"dd5cf8f124de2c0cb2318a83317b39956dffe4a9","sha256":"286868e2b174f327b806c865bf47f301f1fdd0206767c87b1745dbcaa95ca204","sha512":"de3fa612ce25b6e57e06e128f3072f475e479975041c5fc36740efea542e5b26da16e8e024494c949f4f5192431c3eabda5c90d49af3cb7e0e9c2bb439a7bf17","ssdeep":"3072:rU0KJ2LLbnYgLevgFghmlx+uEzUgL6TQX2bH8z:9TZXyslxv+6+Nz","tlshash":"abe3638c62cee4f50b4290e9cc3f3702b63a58e29f5d41a6b573c1c929b950ed315bb9","size":156166,"data":"","first_seen":"2025-12-30T13:43:52.733323Z","last_seen":"2025-12-30T13:43:52.733323Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/info.php?id=5220386","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"6bca3556a2b94279d82f0fb483259247","sha1":"0062c81784ad046495cef73b1ca8d09e67d57834","sha256":"d4ddeb75f7b0c1d4e88479dded3cb6c112b46dd7514883deeea66f669238e1a1","sha512":"fccbdf4b970f9066f748c041ceefb06d5413ccf91da7a8bc9df7da111132a127c4a8686549ea9b12877a5ec6663541078ceaed76b53a780377538e67d5395fe0","ssdeep":"","tlshash":"ba9002455060149047b32979102618840025556466448c401095a995085107053468ac","size":46,"data":"","first_seen":"2023-04-12T04:33:36Z","last_seen":"2026-04-03T22:29:06.297799Z","times_seen":1377,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/info.php?id=5220386","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"804e9c6457e79cb0eef26f4e6016e591","sha1":"57de8d7f8a3befb312e6f01b250772c2f9bd88f9","sha256":"d091d31dbb0755845f1b5e4bad22049f0c4a7b0f45b9395f4821fa5aa64e4174","sha512":"48e3f690c19ecd4f4bebac595b1734933d65d52df1a0a76bc7b1c8385dd91e3f1a2c6354a31c75595b35efa2772850e32bce3b81d2de048634ede17a45e70dfc","ssdeep":"","tlshash":"660178be481711305bb720c9222fb381640e50674c6ef860bacccd006f6de1b8921dd8","size":791,"data":"","first_seen":"2024-12-01T13:23:16.736837Z","last_seen":"2026-04-03T15:41:56.891738Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuhesok.com/58854.js","fqdn":"tuhesok.com","domain":"tuhesok.com","tld":"com"},"ip":{"addr":"88.208.46.49","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"0f438343ca01f023dbc4266a58a19a77","sha1":"7a08db25a16e409385c2d706aa2db3df635ae96a","sha256":"2176d85a2eeb7951c357e95b0757f97447aa330f9db446948cb1a11fd18520ac","sha512":"caa06e6cfe10c668cd1f168c968ff67f30103fab3743e4737b2fcb7e90ae572b2324c74a9842f817a9e009a68c4cb41ba06e0c625f3e30a39657e1bcd00cdabe","ssdeep":"768:dExClCwj5iFbMn1gEEJZ2iPf3FH0qGWDHV/u8dI:zdqvl02DHV/ueI","tlshash":"6613089972427025327fb5f1a37f570eb3be690a48a51d50c603f8c03968e8dd67ae8d","size":43509,"data":"","first_seen":"2025-12-06T15:23:24.975267Z","last_seen":"2026-02-04T11:33:10.602105Z","times_seen":140,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uuidksinc.net/matchx?gdpr=0\u0026gdpr_consent=","fqdn":"uuidksinc.net","domain":"uuidksinc.net","tld":"net"},"ip":{"addr":"31.220.27.155","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"076acf363322d8e868988a11b06ecccd","sha1":"0767fd1fe4ed77ca42f02f9db121c8ebe8a40651","sha256":"76cc47dbf5ab39a7e1194bc58add4705c272165ac45b80c66fec43ab94cd60c5","sha512":"636683dc63c67afbc972ce6b3415fdc0f2dda796173b3f32916e5e760cfa931499d42201bad6baf8e66b43cbd78324dfe5d5bfa39259d890e03a0ee9658379bc","ssdeep":"","tlshash":"7c51c8ffb34a38264b8550e6202f5304e47b5014b999c941eda9b8d05d79aef43b2dac","size":2656,"data":"","first_seen":"2025-12-30T13:43:52.76517Z","last_seen":"2025-12-30T13:43:52.76517Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"clobberprocurertightwad.com/check.html","fqdn":"clobberprocurertightwad.com","domain":"clobberprocurertightwad.com","tld":"com"},"ip":{"addr":"94.242.247.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f2e0cd22b41fa7c9212af0b11f449d3","sha1":"6c552632a2eeaa712496444594c3e8c68eadbbb0","sha256":"d7ca5af269e02e5109a61ef55df0196e2206204d6c742daba5a153defc097fda","sha512":"c90bb9984fc0b2a5374129cb10fc509e937ba565063e2530578430fb0329f8058c145c914de139fa166d8530cfff9799a8c78aa1ad2752d9ec72e24c0fed477c","ssdeep":"","tlshash":"d201685934f5684d5127b630255b22182d32a40325cbd94efb2cdb301f825a7eca8aef","size":762,"data":"","first_seen":"2025-03-07T08:34:13.499254Z","last_seen":"2026-03-04T07:06:03.173543Z","times_seen":7245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/info.php?id=5220386","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"3e23ceac4c58be29d7d9901d73c46bb3","sha1":"7a97a69dcd808ea280ff056c6fe5d94d835d51a1","sha256":"b232419b010f4bb8af91289e7659eb4b090dd5d8d4a0b6ae7255fdaafb367090","sha512":"fffddf0b8d405e7ac13f3191f868732e0e31ff7a4c9e992a551fb04037c296da68d8c8e2b3638e8ea9db9262b5268bfa274400474758d91c693cf4fe77831795","ssdeep":"","tlshash":"96f0e53b082b2a35497710956a3abb882c42b0275846f8327acc8d1daf18e07a9618b4","size":510,"data":"","first_seen":"2025-12-21T10:04:46.023203Z","last_seen":"2026-04-03T15:41:56.893198Z","times_seen":68,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/check.html","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f2e0cd22b41fa7c9212af0b11f449d3","sha1":"6c552632a2eeaa712496444594c3e8c68eadbbb0","sha256":"d7ca5af269e02e5109a61ef55df0196e2206204d6c742daba5a153defc097fda","sha512":"c90bb9984fc0b2a5374129cb10fc509e937ba565063e2530578430fb0329f8058c145c914de139fa166d8530cfff9799a8c78aa1ad2752d9ec72e24c0fed477c","ssdeep":"","tlshash":"d201685934f5684d5127b630255b22182d32a40325cbd94efb2cdb301f825a7eca8aef","size":762,"data":"","first_seen":"2025-03-07T08:34:13.499254Z","last_seen":"2026-03-04T07:06:03.173543Z","times_seen":7245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/info.php?id=5220386","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"66289c448b06f4e98dbfc72bdd14b48c","sha1":"23bf4efce3b24c35a4e9d794e9bdeec20cc34ebd","sha256":"85fd3462920a62fe3dcd3b040eb235945fe1e4289b867a6d248bd075664d149b","sha512":"989b97cc10346d63b48d32d06c755b0abb5ecb368ecfbca1d9eda9245b62bd20580f7a00103cff32779f89673488b5ec4f17cc69f664e1d8642be78be5d3736e","ssdeep":"","tlshash":"d201f9af2cf250304563b0b89aafe50830635003580aac097cccc0848f94bad0b3abec","size":819,"data":"","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.896349Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hdbkome.com/g1eksgsz.js","fqdn":"hdbkome.com","domain":"hdbkome.com","tld":"com"},"ip":{"addr":"31.220.27.135","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"727cc3e9024a6cfc341cdaaf530aad11","sha1":"e34b1ce39c52b952152f26b9c342d28998a04296","sha256":"7a1034e4473da66ac572557d95b5d78101770a20351bd47d3a9c9d1254f4b97f","sha512":"0dc8572090bbde82d3d6c3ca1cdd492cc449e41d6a48a3f3a8219ff51f2c49963b06ce4845d0849e64a6f42dcecd7e142c4f08287968cd6b2bbc0a1a9babe359","ssdeep":"768:wt4sMcvfNV7koNr3r9wRfzcMEgR3EumZ9inl3:s57kcbMEgdE9Z9id","tlshash":"30b2f9c876a9b86603a675b6d03f614ef23ba655380e8010d117f5d07c7e58fe223ead","size":24911,"data":"","first_seen":"2025-09-20T14:07:03.144236Z","last_seen":"2026-04-03T15:41:56.88065Z","times_seen":163,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"rkgwzfwjgk.com/check.html","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.462Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkgwzfwjgk.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 16:08:12 GMT","end":"Sun, 15 Mar 2026 16:08:11 GMT"},"fingerprint":{"sha1":"0A:B0:5F:D0:B2:84:D1:14:86:18:D1:0B:DA:5C:05:3D:26:64:CD:D3","sha256":"CD:93:2A:82:94:79:3B:53:A1:99:0A:E0:20:59:9A:13:30:60:E7:03:42:39:D4:07:60:2E:3A:FB:20:F1:2C:BE"}}},"request":{"raw":"GET /check.html HTTP/1.1\r\nHost: rkgwzfwjgk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Mon, 24 Nov 2025 08:42:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69241a69-39e\"\r\nx-js-ab: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":926,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"088dba8e97eede53134c93219f7ebbae","sha1":"adb707654d1fe0af7d0d7a9f55660d22bd3625e4","sha256":"6da0120b4c7bc45b63fcbb87595c3c1ea2cdca482b0c48d4d2ab434f9e897aff","sha512":"23a1f87731e8aee4658993cd1ce35ec179fea80b89bf52aca7634488f1bdfcf88b9cabca4859481357a9fee06cbb49df64bbe0878b1dae0e5df4fa34003c6d80","ssdeep":"","tlshash":"6211d04934e1684c1127a6301597a2183c32a40315cbd949fb9cd7301f815a7dc596df","first_seen":"2024-11-22T16:59:41.974716Z","last_seen":"2026-03-04T10:11:28.020186Z","times_seen":13721,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hdbkome.com/setuid?dXakxkvwuUbgEUVWFGsl","fqdn":"hdbkome.com","domain":"hdbkome.com","tld":"com"},"ip":{"addr":"31.220.27.135","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hdbkome.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 23:25:20 GMT","end":"Tue, 24 Feb 2026 23:25:19 GMT"},"fingerprint":{"sha1":"DD:61:1B:43:65:6C:C3:B4:C0:8D:DE:52:F7:BD:E9:4F:55:E3:B1:35","sha256":"F0:1E:3A:68:62:B0:F2:59:EB:27:18:D0:8F:44:80:56:4A:12:C9:51:C9:55:15:9E:61:AB:F2:60:AD:AA:E1:6C"}}},"request":{"raw":"GET /setuid?dXakxkvwuUbgEUVWFGsl HTTP/1.1\r\nHost: hdbkome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru2.obmenvsem.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.23.2\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 74\r\nset-cookie: dmpUid=dXakxkvwuUbgEUVWFGsl; expires=Wed, 30 Dec 2026 13:43:25 GMT; domain=hdbkome.com; path=/; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"9e24e19b024c44b778301d880bd8e6f4","sha1":"d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e","sha256":"01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb","sha512":"4957e24a00b7ff54b350c33392560937e69ee5accf2e439781e27b4ac506eeeddef3bebd5d911185add175d648f4636dc5116e311b9c6c6ed34b842153e0b124","ssdeep":"","tlshash":"1ba022e22380fcbccc220033002003b0ceb0802808208e0f0c2c8c3a0800a0880cc383","first_seen":"2023-04-06T20:02:01Z","last_seen":"2026-04-04T21:36:05.148262Z","times_seen":6214,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"hdbkome.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrtb.tds.bid/usersync?id={userID}\u0026dspcsid=Kadam","fqdn":"openrtb.tds.bid","domain":"tds.bid","tld":"bid"},"ip":{"addr":"85.202.195.162","port":443,"asn":48716,"as":"PS Internet Company LLP","country":"Kazakhstan","country_code":"KZ"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uuidksinc.net/matchx?gdpr=0\u0026gdpr_consent=","date":"2025-12-30T13:43:25.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tds.bid","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 10:53:53 GMT","end":"Sun, 15 Mar 2026 10:53:52 GMT"},"fingerprint":{"sha1":"28:D5:F8:33:8D:A0:02:9A:CE:C0:CB:45:9D:18:0A:49:6C:66:B1:50","sha256":"13:B9:EF:A0:CA:75:54:14:1C:B7:7D:15:C3:82:D1:39:72:CE:94:AB:AA:74:28:07:68:6E:39:81:BF:38:95:08"}}},"request":{"raw":"GET /usersync?id={userID}\u0026dspcsid=Kadam HTTP/1.1\r\nHost: openrtb.tds.bid\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uuidksinc.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:26 GMT\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T22:47:04.158538Z","times_seen":13349726,"resource_available":true,"data":null}},"time_used":478,"timings":{"blocked":191,"dns":4,"connect":90,"send":0,"wait":92,"receive":0,"ssl":99},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/static/new/css/style.css","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /static/new/css/style.css HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 10 Nov 2023 00:13:14 GMT\r\netag: W/\"654d759a-1efd8\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":126936,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5844)","md5":"de8618fc36b5d1ab91eb73257b6880e0","sha1":"3ec688bcf5b254d0cb721d92efc868f3ffe6f0f2","sha256":"5fb474fb597ebb3687b3e8f718576203a243694efab1def0e5df782f1dafd066","sha512":"6c599f370a4f7d75af68dc0bfd6697b4bea7c938968bc7b1c6326ad48ac6cf0298e2f517ef2b88e9b370d941bbc0c988d7b00981fa69528e06e342e9c5da398a","ssdeep":"1536:7SCK6ceVpN2XjdvL5V6J9ikKKsRsbFDSbF1DOblpsfXTLTryYgeYzkC:QXHV6J9ikKKsRsbFDSB1W3wXp/okC","tlshash":"98c351a672645b91241f88545bc59b22336cd013c94ef9fc6ed3150c8fca7caa6a23df","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.875131Z","times_seen":79,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sasisa.org/forum/img/noimage.gif","fqdn":"sasisa.org","domain":"sasisa.org","tld":"org"},"ip":{"addr":"85.17.28.52","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sasisa.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Dec 2025 08:50:40 GMT","end":"Sat, 21 Mar 2026 08:50:39 GMT"},"fingerprint":{"sha1":"E5:4A:78:62:1E:82:2F:E8:4C:A3:62:4E:6B:5C:20:4D:05:0B:5B:A4","sha256":"47:5E:25:A4:61:E5:31:3B:C3:4C:C1:41:ED:F2:AC:71:66:03:67:73:F1:38:DB:0F:32:21:CF:C1:16:47:75:C8"}}},"request":{"raw":"GET /forum/img/noimage.gif HTTP/1.1\r\nHost: sasisa.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: image/gif\r\ncontent-length: 297\r\nlast-modified: Mon, 10 Aug 2009 19:26:11 GMT\r\netag: \"4a807453-129\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":297,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 30 x 30","md5":"d45ab0c215bc1294cbf5b32052a4a97e","sha1":"ec5afc54bce3640fa5094f712b7b1aa4a756af96","sha256":"0d8da0e7bdaf98a87b1a31b66f5432820ee138b9047359ed9de92903644b09c2","sha512":"a6dd288055635b1346121413859f62baf2db4ac18ce633af6e55d8e3809e33180b2698d17a0fd0c9f279f25507460c9b96364ff26fac75a4370c3282c2275fca","ssdeep":"","tlshash":"60e0eb0385009400ca6a94bcfd471f0df6414ccc28861bae2c4813505e0b20241d26cc","first_seen":"2025-12-21T10:04:45.996714Z","last_seen":"2026-04-03T15:41:56.864307Z","times_seen":64,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":85,"dns":27,"connect":25,"send":0,"wait":22,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"sasisa.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hdbkome.com/g1eksgsz.js","fqdn":"hdbkome.com","domain":"hdbkome.com","tld":"com"},"ip":{"addr":"31.220.27.135","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hdbkome.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 23:25:20 GMT","end":"Tue, 24 Feb 2026 23:25:19 GMT"},"fingerprint":{"sha1":"DD:61:1B:43:65:6C:C3:B4:C0:8D:DE:52:F7:BD:E9:4F:55:E3:B1:35","sha256":"F0:1E:3A:68:62:B0:F2:59:EB:27:18:D0:8F:44:80:56:4A:12:C9:51:C9:55:15:9E:61:AB:F2:60:AD:AA:E1:6C"}}},"request":{"raw":"GET /g1eksgsz.js HTTP/1.1\r\nHost: hdbkome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.23.2\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 16 Sep 2025 16:23:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c98f1c-614f\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24911,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19350)","md5":"727cc3e9024a6cfc341cdaaf530aad11","sha1":"e34b1ce39c52b952152f26b9c342d28998a04296","sha256":"7a1034e4473da66ac572557d95b5d78101770a20351bd47d3a9c9d1254f4b97f","sha512":"0dc8572090bbde82d3d6c3ca1cdd492cc449e41d6a48a3f3a8219ff51f2c49963b06ce4845d0849e64a6f42dcecd7e142c4f08287968cd6b2bbc0a1a9babe359","ssdeep":"768:wt4sMcvfNV7koNr3r9wRfzcMEgR3EumZ9inl3:s57kcbMEgdE9Z9id","tlshash":"30b2f9c876a9b86603a675b6d03f614ef23ba655380e8010d117f5d07c7e58fe223ead","first_seen":"2025-09-20T14:07:03.144236Z","last_seen":"2026-04-03T15:41:56.88065Z","times_seen":163,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":26,"dns":6,"connect":17,"send":0,"wait":19,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"hdbkome.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tsyndicate.com/api/v2/ssp/set-client-id/X1Edn2OQGBSoDtSyyVQmYf1FVPo9GS5t?id=dXakxkvwuUbgEUVWFGsl","fqdn":"tsyndicate.com","domain":"tsyndicate.com","tld":"com"},"ip":{"addr":"136.243.90.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uuidksinc.net/matchx?gdpr=0\u0026gdpr_consent=","date":"2025-12-30T13:43:25.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsyndicate.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 12 Nov 2025 21:10:04 GMT","end":"Tue, 10 Feb 2026 21:10:03 GMT"},"fingerprint":{"sha1":"BB:2C:CE:C9:92:0E:A9:18:50:BD:8C:7E:7D:B2:E6:CC:72:54:29:18","sha256":"3B:E3:8E:A4:C5:EC:08:3B:96:2B:B0:16:ED:56:3F:0A:CD:55:81:4A:8F:FC:97:83:57:FC:6E:F9:FD:F4:43:83"}}},"request":{"raw":"GET /api/v2/ssp/set-client-id/X1Edn2OQGBSoDtSyyVQmYf1FVPo9GS5t?id=dXakxkvwuUbgEUVWFGsl HTTP/1.1\r\nHost: tsyndicate.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uuidksinc.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\npragma: no-cache\r\nexpires: 0\r\nvary: *\r\nx-api-version: 2\r\nset-cookie: ccid-X1Edn2OQGBSoDtSyyVQmYf1FVPo9GS5t=dXakxkvwuUbgEUVWFGsl; path=/; secure; SameSite=None\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, no-transform\r\nx-robots-tag: none, noindex, nofollow\r\nreport-to: { \"url\": \"https://pxl.tsyndicate.com/api/v1/heavy-ad/report\", \"max_age\": 86401 }\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64\r\npermissions-policy: ch-ua-model=(self \"https://tsyndicate.com\"), ch-ua-platform-version=(self)\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ba036c43037cfe89320d1ef7b64cd43f","sha1":"88c72d3e26047eb1e45e5564a76427734f120efe","sha256":"42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb","sha512":"aa80ccd27c05eb729f730b9d830b011650bcf12cbb25d19edf29efcf962c7465bb5685a5ff5d084356c6710c08e829d16b59e7a59a41767eb14744f326b6c124","ssdeep":"","tlshash":"19900403f5400003d175d03107170340134cd110057c0307405d505cdc553510c01010","first_seen":"2023-05-10T09:10:20Z","last_seen":"2026-04-04T21:01:34.021183Z","times_seen":14436,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":59,"dns":3,"connect":25,"send":0,"wait":26,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/chicken.gif?z=1861886\u0026pb=6bec7cd971b1fbdcd33dfa6e72313e9e1767109405\u0026pbc=I_t0C_GXhVgd81Np\u0026pbi=uQkSMRcicggd81Np\u0026pbu=WokUQoZgYK0d81Np\u0026psp=_-GRU6EfZUeWkcp-uF5wEeGcudHb3WHgfeFDw1aZ61Bs-yQEFDp9wRK3bLq2_ljuMB_EA8y3u_t0kVICKZswvLvoYP2NQ3M8-HsJO3LHo9N-u3unoAnrhH0QlLqRTFdJe0zspPHqiQ2ttv_1BMYvjRs-9aqva4BAGGR5KqAyhHrEcFXwt68V2TV5KB3WBi4hMm1QkTylWs373VFD3Np-oWpI4gMIfhfKCNpsZhy1n7biE4tgqbYpx2IwRDQQeQvTgtxANhSuUw4izPXnwYMWxLoJfYGsl8prG5ubh2gRzgxKoIVzu4uSpBOSuEUdwmYPLWfdZKktRg-Yh2uMgVfllIpEK0S1_yblDjD2E58GCkwLWnIQvS3vlnlbYRn1el1Xj24qSGHiuhWG2QQiZRuxD8Z_5GF2_9DmJFi4edwc-FLzj5y5unUrYRLyfaUU6FyZZX2NVNhq-TMVYHWps7jVJAISJb6SB-3-SuiN_2pgxDqmy4972WKfVlUbCoeGNhl3v7JBuztz-8QIkCYXp4KgAy8bbZb91nhxypYqpDs4afP24Kcc-6SinVpl5VHLwmkqnvLGsi-ilVdz_yaT2kRb_sJm2y4wGjU8JJThkJ3pF0UdFflxT_VQyR2qL58pppWnfvTcHj_gV_gcFhHHyTK-1jjSAxtPsrIoEmtNVWqW2aPgbqJRC65A2htu2xUAtHNE9YvA3QLrj1-286y2P-7D6ilYOc8cQk3pi87xB02sn_fPtN89M2KQuioFjxLxIPKeeyF4MfmLdUSwZNsrQwZCVM0Ugc2lydDuKbAlnsYazUoj_4MW3vxGBoFpFbkyeeH6JiYPp5nlL3gQwn3MM8tKhsuOTjpEUjImbU8sjxE2EUSA7qFGnfiJ72FIiX9tEkqel8yXIOortGZmtrS3_2dTmG3zXKOenrk0d0ZN94s0IH8i_MhKrQl9Me8p2usXoY50y-GXxO8bv_fPDLvUP3emoai8c9XCH0DhhndPs_KAiCz4_1Rs7dTga53cDHbUHw==\u0026freq=0\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=bA1TKOPaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=4056458484202496\u0026caifrq=ADQJaAAAAAAAAAAB\u0026eclog=0\u0026snc=0\u0026ssc=2\u0026tp=0\u0026vp=0\u0026pkw=0\u0026pload=1870\u0026rlp=%5B0%2C35%2C204%2C140%2C19750%2C4757%2C721%2C4610%2C1%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:27.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkgwzfwjgk.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 16:08:12 GMT","end":"Sun, 15 Mar 2026 16:08:11 GMT"},"fingerprint":{"sha1":"0A:B0:5F:D0:B2:84:D1:14:86:18:D1:0B:DA:5C:05:3D:26:64:CD:D3","sha256":"CD:93:2A:82:94:79:3B:53:A1:99:0A:E0:20:59:9A:13:30:60:E7:03:42:39:D4:07:60:2E:3A:FB:20:F1:2C:BE"}}},"request":{"raw":"GET /chicken.gif?z=1861886\u0026pb=6bec7cd971b1fbdcd33dfa6e72313e9e1767109405\u0026pbc=I_t0C_GXhVgd81Np\u0026pbi=uQkSMRcicggd81Np\u0026pbu=WokUQoZgYK0d81Np\u0026psp=_-GRU6EfZUeWkcp-uF5wEeGcudHb3WHgfeFDw1aZ61Bs-yQEFDp9wRK3bLq2_ljuMB_EA8y3u_t0kVICKZswvLvoYP2NQ3M8-HsJO3LHo9N-u3unoAnrhH0QlLqRTFdJe0zspPHqiQ2ttv_1BMYvjRs-9aqva4BAGGR5KqAyhHrEcFXwt68V2TV5KB3WBi4hMm1QkTylWs373VFD3Np-oWpI4gMIfhfKCNpsZhy1n7biE4tgqbYpx2IwRDQQeQvTgtxANhSuUw4izPXnwYMWxLoJfYGsl8prG5ubh2gRzgxKoIVzu4uSpBOSuEUdwmYPLWfdZKktRg-Yh2uMgVfllIpEK0S1_yblDjD2E58GCkwLWnIQvS3vlnlbYRn1el1Xj24qSGHiuhWG2QQiZRuxD8Z_5GF2_9DmJFi4edwc-FLzj5y5unUrYRLyfaUU6FyZZX2NVNhq-TMVYHWps7jVJAISJb6SB-3-SuiN_2pgxDqmy4972WKfVlUbCoeGNhl3v7JBuztz-8QIkCYXp4KgAy8bbZb91nhxypYqpDs4afP24Kcc-6SinVpl5VHLwmkqnvLGsi-ilVdz_yaT2kRb_sJm2y4wGjU8JJThkJ3pF0UdFflxT_VQyR2qL58pppWnfvTcHj_gV_gcFhHHyTK-1jjSAxtPsrIoEmtNVWqW2aPgbqJRC65A2htu2xUAtHNE9YvA3QLrj1-286y2P-7D6ilYOc8cQk3pi87xB02sn_fPtN89M2KQuioFjxLxIPKeeyF4MfmLdUSwZNsrQwZCVM0Ugc2lydDuKbAlnsYazUoj_4MW3vxGBoFpFbkyeeH6JiYPp5nlL3gQwn3MM8tKhsuOTjpEUjImbU8sjxE2EUSA7qFGnfiJ72FIiX9tEkqel8yXIOortGZmtrS3_2dTmG3zXKOenrk0d0ZN94s0IH8i_MhKrQl9Me8p2usXoY50y-GXxO8bv_fPDLvUP3emoai8c9XCH0DhhndPs_KAiCz4_1Rs7dTga53cDHbUHw==\u0026freq=0\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=bA1TKOPaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=4056458484202496\u0026caifrq=ADQJaAAAAAAAAAAB\u0026eclog=0\u0026snc=0\u0026ssc=2\u0026tp=0\u0026vp=0\u0026pkw=0\u0026pload=1870\u0026rlp=%5B0%2C35%2C204%2C140%2C19750%2C4757%2C721%2C4610%2C1%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5 HTTP/1.1\r\nHost: rkgwzfwjgk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cart=1; cart_p=2; CHCK=1; PTS=; UID=2512300843abd5894df8454024b7f1b38f8f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:27 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-route-id: stats.impression\r\nset-cookie: BCAI=ADQJaAAAAAAAAAAB; Path=/; Expires=Wed, 31 Dec 2025 13:43:27 GMT; Secure; SameSite=None\nBMI=AEaGKwAAAAAAAAAB; Path=/; Expires=Wed, 31 Dec 2025 13:43:27 GMT; Secure; SameSite=None\nBCRI=cM9GzAAAAAAAAAAB; Path=/; Expires=Wed, 31 Dec 2025 13:43:27 GMT; Secure; SameSite=None\nOACICAP=ADQJaAAAAAAAAAAB; Path=/; Expires=Thu, 29 Jan 2026 13:43:27 GMT; Secure; SameSite=None\nOACIBLOCK=ADQJaAAAAABpU1xQ; Path=/; Expires=Thu, 29 Jan 2026 13:43:27 GMT; Secure; SameSite=None\nIMC_102=1; Path=/; Expires=Wed, 31 Dec 2025 13:43:27 GMT; Secure; SameSite=None\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"28e463819a210071de3b45ebe7633613","sha1":"6dccd571828ec0912629119cf7eabfea9f33ddbc","sha256":"44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84","sha512":"8a82ac5a7883cd9b74bdb561cf825ce86474e259ad8c445e538d697b0003e3f2b1d6edcd3dc6512f4ad16e9074da204a79938257c457ecf68f4329eac0182e67","ssdeep":"","tlshash":"04900003e280e082c3a0c0300e0ccb802b88a2308a28030fb0fc2baefc3a3a20c23000","first_seen":"2023-04-05T09:26:54Z","last_seen":"2026-04-04T21:57:04.856134Z","times_seen":20465,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obmenvsem.com/info.php?id=5220386","fqdn":"obmenvsem.com","domain":"obmenvsem.com","tld":"com"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-30T13:43:24.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 21 Nov 2025 11:33:52 GMT","end":"Thu, 19 Feb 2026 11:33:51 GMT"},"fingerprint":{"sha1":"09:41:8E:B5:3C:3C:FF:59:90:86:11:9A:57:6E:64:94:84:BC:F5:73","sha256":"68:6B:CF:66:28:23:F4:F2:1F:D9:FC:04:CE:CA:26:63:C3:D3:AA:D0:54:BE:90:D2:41:08:5F:D8:C6:69:68:1A"}}},"request":{"raw":"GET /info.php?id=5220386 HTTP/1.1\r\nHost: obmenvsem.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":66112,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T22:47:04.158538Z","times_seen":13349726,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":94,"dns":15,"connect":23,"send":0,"wait":24,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/static/images/file_icons/image_win.png","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /static/images/file_icons/image_win.png HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: image/png\r\ncontent-length: 709\r\nlast-modified: Fri, 28 Feb 2014 13:49:18 GMT\r\netag: \"531093de-2c5\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":709,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"9cb321f6001789e5f19f59e93d4c9933","sha1":"e7e55cee4fcf243836ed0edba50b690234a583b3","sha256":"6b7375b60bdf5f32b06f5bdcb31fdbd35190a7068307a93d9cfe4a0365594cb6","sha512":"da9620524eadb360126d10382164f63838a8f979ee1f0fc7411bf868155cf81d308e167ee877da1ee1b1905c3ea6d7d22c87bf91fe4247f3dc244b240129cb97","ssdeep":"","tlshash":"2b0115e52cbd39b89bc8e99a234f42d2c4ab8bd904e1139ed1a58954502854851f3611","first_seen":"2024-12-01T13:23:16.706579Z","last_seen":"2026-04-03T15:41:56.872559Z","times_seen":66,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/i/npage/1861886/code.js","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkgwzfwjgk.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 16:08:12 GMT","end":"Sun, 15 Mar 2026 16:08:11 GMT"},"fingerprint":{"sha1":"0A:B0:5F:D0:B2:84:D1:14:86:18:D1:0B:DA:5C:05:3D:26:64:CD:D3","sha256":"CD:93:2A:82:94:79:3B:53:A1:99:0A:E0:20:59:9A:13:30:60:E7:03:42:39:D4:07:60:2E:3A:FB:20:F1:2C:BE"}}},"request":{"raw":"GET /i/npage/1861886/code.js HTTP/1.1\r\nHost: rkgwzfwjgk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Wed, 24 Dec 2025 12:35:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694bde26-2f49f\"\r\nx-js-ab2: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":193505,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5b12ecfd0f59565fe7d516584b6f1c0c","sha1":"0449b41a72f22aca7dd0d54d23382548871e53b8","sha256":"4e203fe065e5f8ab832c996f3afc82c5d8789d10913f09a621fad923d5950961","sha512":"de178f8951cc078d3f83d6127b36bafb4f9c4bb4d3faf5344f50cb12410646bae755307accf0de626d6d80ef39f76f5999d1880e1aa664b543e6a899d0073771","ssdeep":"1536:mUwGREVfFa9EmpdpvWdNpFuQHKXr8QyZBdgmZzIF+qS16v4ApZXvRIIxrS06IBuO:mUgtk4v+IzxqS38/RTrPB5+k","tlshash":"d614819ce95c2cf68182903ed82f4d0e5365d4e1d1ce4264caf2cbf547b8e279239a79","first_seen":"2025-12-30T13:43:52.720894Z","last_seen":"2026-01-04T05:56:58.489073Z","times_seen":2,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":1,"connect":21,"send":0,"wait":28,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rkgwzfwjgk.com/get/1861886?zoneid=1861886\u0026jp=_clxupsynckwjolugbcdmmq\u0026dr=102\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=mt6oSSQaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=2930558577218560\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pkw=0\u0026pload=1148\u0026rlp=%5B0%2C35%2C204%2C140%2C4726%2C2698%2C583%2C2551%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0\u0026freq=0","fqdn":"rkgwzfwjgk.com","domain":"rkgwzfwjgk.com","tld":"com"},"ip":{"addr":"212.117.190.201","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkgwzfwjgk.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 16:08:12 GMT","end":"Sun, 15 Mar 2026 16:08:11 GMT"},"fingerprint":{"sha1":"0A:B0:5F:D0:B2:84:D1:14:86:18:D1:0B:DA:5C:05:3D:26:64:CD:D3","sha256":"CD:93:2A:82:94:79:3B:53:A1:99:0A:E0:20:59:9A:13:30:60:E7:03:42:39:D4:07:60:2E:3A:FB:20:F1:2C:BE"}}},"request":{"raw":"GET /get/1861886?zoneid=1861886\u0026jp=_clxupsynckwjolugbcdmmq\u0026dr=102\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=mt6oSSQaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=2930558577218560\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pkw=0\u0026pload=1148\u0026rlp=%5B0%2C35%2C204%2C140%2C4726%2C2698%2C583%2C2551%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0\u0026freq=0 HTTP/1.1\r\nHost: rkgwzfwjgk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nx-route-id: config\r\nset-cookie: CHCK=1; Path=/; Expires=Tue, 02 Feb 2027 13:43:25 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Tue, 02 Feb 2027 13:43:25 GMT; Secure; SameSite=None\nUID=2512300843abd5894df8454024b7f1b38f8f; Path=/; Expires=Tue, 02 Feb 2027 13:43:25 GMT; Secure; SameSite=None\r\ncontent-encoding: gzip\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8806,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (8806), with no line terminators","md5":"02de454c51047d3cf82b6344e3ddaa0d","sha1":"002945ebfcd4b3bda51820eda4514ebb977ee360","sha256":"6ce0a652b98a84e77b651d32843fce73b6457136f3858e1354d99996208ef5e6","sha512":"2f7be747af7e2f3daba6c5b28fa6503567ce9cecc058a6e0f761967b0e73ed9a9379192df91a9da4410d22ef4f6d00bd70518212527ea3b4fa4049ff921cfa37","ssdeep":"192:uMByOg9EWJNm2TRutNvpvkctR21mX5ejOV1NfK:T6urpcctSOlK","tlshash":"89027c899890ce92d5c95d0b903e8f3d79c20c7f8c3f866291a5dc0798153f2ecab5e2","first_seen":"2025-12-30T13:43:52.724025Z","last_seen":"2025-12-30T13:43:52.724025Z","times_seen":1,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"rkgwzfwjgk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.pncloudfl.com/pn/818/552/0c9/8185520c9182e6dfced11aef85e3b8e48d64cea7.gif","fqdn":"cdn.pncloudfl.com","domain":"pncloudfl.com","tld":"com"},"ip":{"addr":"172.66.165.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.pncloudfl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 15:15:13 GMT","end":"Tue, 10 Mar 2026 16:15:09 GMT"},"fingerprint":{"sha1":"69:FC:7A:1D:92:39:0C:46:9A:C6:8A:01:99:0A:3F:46:9B:07:6E:1C","sha256":"7A:9B:C4:27:F6:F6:B3:AA:70:FE:EF:72:89:DC:CC:4F:73:D7:05:64:8C:E7:64:2F:FE:BE:08:DB:0E:62:B6:14"}}},"request":{"raw":"GET /pn/818/552/0c9/8185520c9182e6dfced11aef85e3b8e48d64cea7.gif HTTP/1.1\r\nHost: cdn.pncloudfl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/gif\r\ncontent-length: 4523\r\nx-amz-id-2: nlcpkqoTJlWq4xg08eTHWBjFB+9NN+GIgn6dcYmK/+HK0Dqe4d/LUtb82broimc+07AIO8GK6Gw=\r\nx-amz-request-id: CAR67MDDCDZBAM3Z\r\nlast-modified: Fri, 29 Aug 2025 14:18:31 GMT\r\netag: \"064f0f1a98bb893124bbca8ba622b944\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: cloudflare\r\ncf-bgj: imgq:100,h2pri\r\npriority: u=4;i=?0,cf-chb=(462;u=3;i=?0 4521;u=5;i=?0)\r\ncf-polished: ok\r\naccess-control-allow-origin: *\r\nage: 4024\r\ncache-control: max-age=432000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncf-ray: 9b61f75228f6120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4523,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 192 x 192","md5":"064f0f1a98bb893124bbca8ba622b944","sha1":"8185520c9182e6dfced11aef85e3b8e48d64cea7","sha256":"65894e5688d8d318f4389346030147818e7c65dd30078358c9618582df08f313","sha512":"63e24666b2b4e02e1be2c63de05df78eee85f5b3f95dec598669d5869bfcaf7431cc59be3e0ea47cf1d4c476fab434fc0c98838c834818ad18d511d1ecea920f","ssdeep":"96:3Ol8k+qf3yDgcCqkI9PPx0uPnNp8fREKxiZEJc1xpW9r6NOgcm2n:08k+q6DguZPx0GKxg1znOgct","tlshash":"69917cac55f83865c59bb57318eb8b8ea94a1d0848b304ff64a4d7aeb3407d704098b6","first_seen":"2025-07-03T06:02:24.624908Z","last_seen":"2026-04-04T18:33:46.418149Z","times_seen":100,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":47,"dns":14,"connect":1,"send":0,"wait":6,"receive":1,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.pncloudfl.com/pn/d6c/303/169/d6c303169f16834659ea448f5470aa514aadce6b.png","fqdn":"cdn.pncloudfl.com","domain":"pncloudfl.com","tld":"com"},"ip":{"addr":"172.66.165.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.pncloudfl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 15:15:13 GMT","end":"Tue, 10 Mar 2026 16:15:09 GMT"},"fingerprint":{"sha1":"69:FC:7A:1D:92:39:0C:46:9A:C6:8A:01:99:0A:3F:46:9B:07:6E:1C","sha256":"7A:9B:C4:27:F6:F6:B3:AA:70:FE:EF:72:89:DC:CC:4F:73:D7:05:64:8C:E7:64:2F:FE:BE:08:DB:0E:62:B6:14"}}},"request":{"raw":"GET /pn/d6c/303/169/d6c303169f16834659ea448f5470aa514aadce6b.png HTTP/1.1\r\nHost: cdn.pncloudfl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5260\r\nx-amz-id-2: R7nINslBagciMSaa/wFfY0Uijjx0xV2ExSeKAxfImIdQ5I/7bbQ5UMArXtFZJ5CjFEVHD+gYxR0=\r\nx-amz-request-id: KAYRQCWDPAE9C46D\r\nlast-modified: Tue, 09 Sep 2025 13:37:27 GMT\r\netag: \"740d9fea030595dd1e18d974a02f7d43\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: cloudflare\r\ncf-polished: ok\r\naccess-control-allow-origin: *\r\ncf-bgj: h2pri,imgq:100\r\npriority: u=4;i=?0,cf-chb=(89;u=5;i=?0)\r\nvary: accept, accept-encoding\r\nage: 1551\r\ncache-control: max-age=432000\r\ncf-cache-status: HIT\r\ncf-ray: 9b61f7522906120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5260,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1a89154d8c855a43ad74a931f364d13d","sha1":"a61e8e7484ed282d54abe2b03fe5cc4b6cde65ab","sha256":"6b514acba7c666e4c3ba6b0d7086873bee53ef3cf2ce4c0c61cfef21b284cd69","sha512":"ecf79b1319c78674b9948554ca186f6ceda09e44377ef9813e026e56945d76fdb66153c5a3519d5b55cde1e645c4fc83367d6237f35b4ee2e4b7882e4f49c3e5","ssdeep":"96:LuaJKPL7YblTfO2c2vozm8IdrXE+k5hmz01yebyGV2nwH51KM7Q3W2nVqKV3:LpMoblTfX1ozodrX2hmAQeWG0U5sWqqW","tlshash":"39b19d002515087e70c31fbf9022836e695182f5a3889e3527dba0496e30bdf96bf69e","first_seen":"2025-03-30T05:58:45.7759Z","last_seen":"2026-04-04T18:33:46.362612Z","times_seen":83,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":43,"dns":0,"connect":1,"send":0,"wait":4,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kuolkoola.com/18039","fqdn":"kuolkoola.com","domain":"kuolkoola.com","tld":"com"},"ip":{"addr":"172.67.195.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:26.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kuolkoola.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 07:23:19 GMT","end":"Tue, 10 Feb 2026 08:21:01 GMT"},"fingerprint":{"sha1":"FC:2B:19:59:1B:38:FB:C7:30:93:16:58:CE:B8:18:51:DA:3B:EC:FC","sha256":"4C:64:6D:FC:40:95:00:94:2F:68:3B:50:95:C3:BC:4E:E5:03:71:D8:2E:42:96:E5:4C:49:33:A3:F6:35:4D:3C"}}},"request":{"raw":"POST /18039 HTTP/1.1\r\nHost: kuolkoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru2.obmenvsem.cc/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 139\r\nOrigin: https://ru2.obmenvsem.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":139,"data":"{\"visitor_id\":\"\",\"utm_source\":\"kd\",\"utm_campaign\":342805,\"utm_content\":\"\",\"domain\":\"obmenvsem.org\",\"proto\":\"https:\",\"mode\":\"strict_native\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 30 Dec 2025 13:43:26 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://ru2.obmenvsem.cc\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nset-cookie: userid=0f5af119-9656-488d-ac63-91b3e01950c3; expires=Mon, 30-Dec-2030 13:43:26 GMT; Path=/; SameSite=None; Secure\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-request-id: 295b5e2e7c3eaa9ababc848c8da34f9f\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nx-ng-name: front7\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LGiQwrCeqDLL5tLy27BUBsjyN56%2FSv9et2yLcksqRZR01T%2FDypwp2uAJU%2Ff9Twp7c5Af2fdWEtUARbR4eP3tUhnqfeQQsQK3p13o\"}]}\r\ncf-ray: 9b61f756080f7130-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3254,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b256e4c46d7afdc1f8453682a92bbebc","sha1":"2b61513123bb85e0e5dda8872b51a6e17b210e54","sha256":"55c5efea884a2981c094048bfb7e552a36fbe310bc848f19d09dacba7d45f6a1","sha512":"f779fab726f9f6a64857651bb9b4616780745653bec263e79f0eccc1d317ff98582dce8649ebacdfaf0220f3f4197bda629e5db0b22ca0a42ae3dfe01c809581","ssdeep":"","tlshash":"9d6178cb22f9822f81c53ddad7765c7d70268d98df4a439aefdaa417d8172344b09384","first_seen":"2025-12-30T13:43:52.728953Z","last_seen":"2025-12-30T13:43:52.728953Z","times_seen":1,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":2,"dns":5,"connect":1,"send":0,"wait":48,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/static/new/fonts/Manrope-Medium.woff2","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /static/new/fonts/Manrope-Medium.woff2 HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 30388\r\nlast-modified: Mon, 02 Oct 2023 08:54:28 GMT\r\netag: \"651a8544-76b4\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30388,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 30388, version 1.0","md5":"f9f6b7a211641bf4e36a84a30450499f","sha1":"c16f52bc33db2b501ea9542d4e8cb582c5d40b77","sha256":"d54e2d58d4375df23926ba135d92140943811311b11b95bbe7275ec3329f14be","sha512":"1fc08f3cd12973b25050daf9282ed2bb9f88154c766acebf6a619c9d922b1dded1a382da19a9854411744e12c4cf806f7d3072fb3fdbc2d227c3df044a722116","ssdeep":"768:5EEFhJWHHq1b2G+Ei7b2xiwQQi+RD6iki:53h4HHybV+Ecb2MwQp+RD6iki","tlshash":"ccd2f1c45366737ac8e29dbb04e90e1c6a21d1812b573af949c9c3981437ba5413deef","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.863645Z","times_seen":83,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/static/new/fonts/Gotham-Bold.woff2","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /static/new/fonts/Gotham-Bold.woff2 HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 30124\r\nlast-modified: Mon, 02 Oct 2023 08:54:28 GMT\r\netag: \"651a8544-75ac\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30124,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 30124, version 1.0","md5":"c070aec7f7a5daf99f2df32c9288d4ec","sha1":"ad4b035eca44bd01ffe92590c8ced5999d5be321","sha256":"d6f112b6888bf69c3cb82eb2efd527c5777e76cee3f066df850f664964a4a97b","sha512":"fb0fbb190c44e7e0225cb3628a46b45e71e8d2561e196354cd14c09ff6b6a4afd2290a9e6a33839cbf7979e5a246f9b15caff557d65ab1db992b0673d236fcbd","ssdeep":"384:MGMiqGmvoOyRvsP7ttFAbQuGHxUQ7yf5oWUUIx3EqV5BoKzwL/hHaJyBh7Bt:8om777oACQ7Ge/U63Ea5BKH+Y7/","tlshash":"22d2e0839468d864afd8c6ea608744f76271a381ec903794b6b11cfa721a13f651ff20","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.883374Z","times_seen":106,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"clobberprocurertightwad.com/aas/r45d/vki/1894290/b6f7a362.js","fqdn":"clobberprocurertightwad.com","domain":"clobberprocurertightwad.com","tld":"com"},"ip":{"addr":"94.242.247.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"clobberprocurertightwad.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 13:08:48 GMT","end":"Sun, 15 Mar 2026 13:08:47 GMT"},"fingerprint":{"sha1":"75:C3:D6:F6:D6:89:AC:DC:D3:57:8B:5F:44:24:3A:FF:B2:46:BF:1D","sha256":"4A:BC:5B:4A:BB:6F:C0:A3:AA:9E:AD:53:4F:2B:46:7F:69:D5:B7:CE:7E:42:DD:A0:10:A9:C3:41:E5:7C:C6:46"}}},"request":{"raw":"GET /aas/r45d/vki/1894290/b6f7a362.js HTTP/1.1\r\nHost: clobberprocurertightwad.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Wed, 24 Dec 2025 12:35:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694bde26-262aa\"\r\nx-js-ab2: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":156166,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7b78cb008efc792638eb5ccac72169e0","sha1":"dd5cf8f124de2c0cb2318a83317b39956dffe4a9","sha256":"286868e2b174f327b806c865bf47f301f1fdd0206767c87b1745dbcaa95ca204","sha512":"de3fa612ce25b6e57e06e128f3072f475e479975041c5fc36740efea542e5b26da16e8e024494c949f4f5192431c3eabda5c90d49af3cb7e0e9c2bb439a7bf17","ssdeep":"3072:rU0KJ2LLbnYgLevgFghmlx+uEzUgL6TQX2bH8z:9TZXyslxv+6+Nz","tlshash":"abe3638c62cee4f50b4290e9cc3f3702b63a58e29f5d41a6b573c1c929b950ed315bb9","first_seen":"2025-12-30T13:43:52.733323Z","last_seen":"2025-12-30T13:43:52.733323Z","times_seen":1,"resource_available":true,"data":null}},"time_used":193,"timings":{"blocked":69,"dns":22,"connect":17,"send":0,"wait":33,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.uuidksinc.net/match/1/?cb_url=https%3A%2F%2Fhdbkome.com%2Fsetuid%3F%5BUID%5D\u0026gdpr=0\u0026gdpr_consent=","fqdn":"s.uuidksinc.net","domain":"uuidksinc.net","tld":"net"},"ip":{"addr":"31.220.27.155","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uuidksinc.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:22:16 GMT","end":"Sat, 28 Mar 2026 23:22:15 GMT"},"fingerprint":{"sha1":"A3:04:43:DF:E7:27:A9:50:C2:BB:1F:85:9F:88:08:C5:EC:23:CE:9C","sha256":"0A:4A:19:47:D5:5B:1B:87:C8:B1:25:95:05:A5:F0:D5:1F:A1:A0:DE:36:53:90:85:15:21:1A:64:2B:18:4B:F0"}}},"request":{"raw":"GET /match/1/?cb_url=https%3A%2F%2Fhdbkome.com%2Fsetuid%3F%5BUID%5D\u0026gdpr=0\u0026gdpr_consent= HTTP/1.1\r\nHost: s.uuidksinc.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.23.2\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-length: 0\r\naccess-control-allow-headers: X-Requested-With, Cache-Control, Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-origin: *\r\nlocation: https://hdbkome.com/setuid?dXakxkvwuUbgEUVWFGsl\r\nset-cookie: jcsuuid=dXakxkvwuUbgEUVWFGsl; expires=Wed, 30 Dec 2026 13:43:25 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T22:47:04.158538Z","times_seen":13349726,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":46,"dns":3,"connect":17,"send":0,"wait":18,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"clobberprocurertightwad.com/solid.gif?z=1894290\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=Aq02YSuaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=2086133647105024\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pkw=0\u0026pload=913\u0026rlp=%5B0%2C35%2C204%2C140%2C3212%2C2143%2C555%2C1996%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5","fqdn":"clobberprocurertightwad.com","domain":"clobberprocurertightwad.com","tld":"com"},"ip":{"addr":"94.242.247.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"clobberprocurertightwad.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 13:08:48 GMT","end":"Sun, 15 Mar 2026 13:08:47 GMT"},"fingerprint":{"sha1":"75:C3:D6:F6:D6:89:AC:DC:D3:57:8B:5F:44:24:3A:FF:B2:46:BF:1D","sha256":"4A:BC:5B:4A:BB:6F:C0:A3:AA:9E:AD:53:4F:2B:46:7F:69:D5:B7:CE:7E:42:DD:A0:10:A9:C3:41:E5:7C:C6:46"}}},"request":{"raw":"POST /solid.gif?z=1894290\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=Aq02YSuaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=2086133647105024\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pkw=0\u0026pload=913\u0026rlp=%5B0%2C35%2C204%2C140%2C3212%2C2143%2C555%2C1996%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5 HTTP/1.1\r\nHost: clobberprocurertightwad.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ru2.obmenvsem.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-route-id: stats.tag.loaded\r\nset-cookie: CHCK=1; Path=/; Expires=Tue, 02 Feb 2027 13:43:25 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Tue, 02 Feb 2027 13:43:25 GMT; Secure; SameSite=None\nUID=251230084300dbede4830a445692520d5bbf; Path=/; Expires=Tue, 02 Feb 2027 13:43:25 GMT; Secure; SameSite=None\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"28e463819a210071de3b45ebe7633613","sha1":"6dccd571828ec0912629119cf7eabfea9f33ddbc","sha256":"44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84","sha512":"8a82ac5a7883cd9b74bdb561cf825ce86474e259ad8c445e538d697b0003e3f2b1d6edcd3dc6512f4ad16e9074da204a79938257c457ecf68f4329eac0182e67","ssdeep":"","tlshash":"04900003e280e082c3a0c0300e0ccb802b88a2308a28030fb0fc2baefc3a3a20c23000","first_seen":"2023-04-05T09:26:54Z","last_seen":"2026-04-04T21:57:04.856134Z","times_seen":20465,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.pncloudfl.com/pn/8d7/728/3a8/8d77283a87040eaf49ba672b6b7acf3c01956ea6.jpg","fqdn":"cdn.pncloudfl.com","domain":"pncloudfl.com","tld":"com"},"ip":{"addr":"172.66.165.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.pncloudfl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 15:15:13 GMT","end":"Tue, 10 Mar 2026 16:15:09 GMT"},"fingerprint":{"sha1":"69:FC:7A:1D:92:39:0C:46:9A:C6:8A:01:99:0A:3F:46:9B:07:6E:1C","sha256":"7A:9B:C4:27:F6:F6:B3:AA:70:FE:EF:72:89:DC:CC:4F:73:D7:05:64:8C:E7:64:2F:FE:BE:08:DB:0E:62:B6:14"}}},"request":{"raw":"GET /pn/8d7/728/3a8/8d77283a87040eaf49ba672b6b7acf3c01956ea6.jpg HTTP/1.1\r\nHost: cdn.pncloudfl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5722\r\nx-amz-id-2: rgeHF4NZ5zkqmg7LIBZzI1d67MFSJ1KUPFs77zmSM9v4A5gqz18iIaDvBEAF887Hr/0pG+geEAOYwmX7crhHfb+mpMnIBth01My+PetF3VI=\r\nx-amz-request-id: MDV2CYCKEM1WDVN6\r\nlast-modified: Fri, 29 Aug 2025 14:18:27 GMT\r\netag: \"69a7989368f7957ac54307b7e9a559ca\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: cloudflare\r\ncf-bgj: imgq:100,h2pri\r\naccess-control-allow-origin: *\r\npriority: u=1;i=?0,cf-chb=(254;u=3;i=?0 787;u=5;i=?0 4583;u=6;i=?0)\r\ncf-polished: ok\r\nvary: accept, accept-encoding\r\nage: 2943\r\ncache-control: max-age=432000\r\ncf-cache-status: HIT\r\ncf-ray: 9b61f75228fe120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":5722,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8697a9a062fc9e87ab75aed78a68ff71","sha1":"3d931d902afcdd1d52a0130eb4bffe951d5afc10","sha256":"f1faa8cef399d033c72d5b52890794f5638f1b19e52f0a38b64faaf98fbba140","sha512":"7b7627aac27d3e3e6be689fd9040d529a76ff05988a0540b9422bddba1e7d9008fb08ee3335a6228cf47f35086d1501f8eaccb992540f9a86c83f94ece093ce7","ssdeep":"96:H3Xkp7eGRWjwy28CY/N857nMLasBPkft2eq8XY9QZve7ZwrD8cvSlQ1JbsTY:HZ8y28x/NC7MWsBPOLXMq8cvSlubsU","tlshash":"acc17dc87b6045d909fd7a44eb15067ef1519913aa2c8e3ce9b7c5ac3c0a27eb830539","first_seen":"2025-12-06T10:31:25.368881Z","last_seen":"2026-04-03T17:32:49.546634Z","times_seen":83,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":44,"dns":6,"connect":4,"send":0,"wait":5,"receive":1,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kuolkoola.com/event/set","fqdn":"kuolkoola.com","domain":"kuolkoola.com","tld":"com"},"ip":{"addr":"172.67.195.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:26.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kuolkoola.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 07:23:19 GMT","end":"Tue, 10 Feb 2026 08:21:01 GMT"},"fingerprint":{"sha1":"FC:2B:19:59:1B:38:FB:C7:30:93:16:58:CE:B8:18:51:DA:3B:EC:FC","sha256":"4C:64:6D:FC:40:95:00:94:2F:68:3B:50:95:C3:BC:4E:E5:03:71:D8:2E:42:96:E5:4C:49:33:A3:F6:35:4D:3C"}}},"request":{"raw":"POST /event/set HTTP/1.1\r\nHost: kuolkoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru2.obmenvsem.cc/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 145\r\nOrigin: https://ru2.obmenvsem.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: userid=0f5af119-9656-488d-ac63-91b3e01950c3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":145,"data":"{\"event\":{\"type\":\"event_script_failed\"},\"data\":{\"visitor_id\":\"0f5af119-9656-488d-ac63-91b3e01950c3\",\"reason\":\"envIsNotSuitable\"},\"ad\":{\"type\":1}}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 30 Dec 2025 13:43:26 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://ru2.obmenvsem.cc\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST\r\naccess-control-allow-headers: Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=55OrzJiUwCi4sJoZPIg5mq9BTSWdMk0flNDp8ACD0kqMYuIqnkC2DDgtXZG7%2BhVLOHtSm%2BC3BeL3qyNveqidsxPIvN6LDMzL1QvA\"}]}\r\nvary: Accept-Encoding\r\nx-request-id: 422bbbd5d3cb1be474b3354ae504d8bd\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nx-ng-name: front7\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b61f75698937130-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T22:47:04.158538Z","times_seen":13349726,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/info.php?id=5220386","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-30T13:43:24.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /info.php?id=5220386 HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv; expires=Wed, 30 Dec 2026 13:43:24 GMT; Max-Age=31536000; path=/; domain=obmenvsem.cc; HttpOnly\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":66112,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14941)","md5":"c3bc8017912c209e77955fee6fc2c314","sha1":"decd11ba737d96d0fef7f5e3be394bdab2327ede","sha256":"87b6a7311fa891c93d0e70f9091c7e9f908c4a09ec9164a4cf3446ee0ddf2074","sha512":"d6c31b3afdcef4a4d6acadc73932a9c59ac9cf6338876a8dcadbb22b34ffb48749471dcd8130dc5f3489e83a48853d2e83ffc82fe098a84ec048cc23ad0990fb","ssdeep":"768:3FQ2AFNt0E++GMltSYZoOWJ8b6VmlRoAd0AOQSAcHinVltSYZoOWJ8b67KKn:3VG++tEfE6jiVEfE67KE","tlshash":"80536c3184f150460197e2d79f59fb2aadc28407c01a9906f7fd8749afcae172f6326e","first_seen":"2025-12-30T13:43:52.736725Z","last_seen":"2025-12-30T13:43:52.736725Z","times_seen":1,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":84,"dns":13,"connect":21,"send":0,"wait":32,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/static/new/fonts/Gotham-Medium.woff2","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /static/new/fonts/Gotham-Medium.woff2 HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 32296\r\nlast-modified: Mon, 02 Oct 2023 08:54:28 GMT\r\netag: \"651a8544-7e28\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32296,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32296, version 1.0","md5":"77d2f5c849caf69a057994776017d8ce","sha1":"3f890dc91a3f7d23e3c4ecfc4c854ba4f7d462e9","sha256":"9afaafaa02923821bbbc7b445afe67ce68095efa6b98b8052509e1bd10ba7856","sha512":"4d46574175e1cdd054773ac52e3a9916e53348695508372983dcfb1a6cdee1b5251a38b5012387db72fbe92703c055ec376162ee4a6a633a663b805c1c1afdde","ssdeep":"768:YCSN/zWFqGNyj5SFT2QXRFMBtKXC7cXWQ1D/GPxMykzB:rS8qntSFT2NDsGQBsc","tlshash":"f6e2f1539fbc8137ea50d8bb7ba6f48cddfb48b882593a5fd067488c1a047d544e026a","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.868224Z","times_seen":108,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/static/new/img/obmenvsem_logo.png","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /static/new/img/obmenvsem_logo.png HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: image/png\r\ncontent-length: 4235\r\nlast-modified: Thu, 01 Feb 2024 08:30:07 GMT\r\netag: \"65bb568f-108b\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4235,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 404 x 80, 8-bit/color RGBA, non-interlaced","md5":"171f092d77bd1decedcabaae7631b4ec","sha1":"a1d94c66f4af64cbebfa7507b23a6cd935171c56","sha256":"2849b35cc6d1e207727ad85b969502e9bd3166c35b1554b6000568b05a5d8bc2","sha512":"036066dc423df9d1b2da97100faa1f5e53ea4a04275e4f206b9688a72000e27a4e80d05bcdfce5b98226ea4eccee7cef534ddd0ccb447b299fec8a70c86d30ae","ssdeep":"96:Q8dYxeUli5drhHM8HHey8qtxAGrcI/E34wpaitshJYnZ:Q8+ydrhs470GAIY4wdyYZ","tlshash":"4a915dec17b1fcf52f0f1e7d8801af2713a22956b9e5d1c6e641543ce01ec48b86b941","first_seen":"2025-10-14T15:38:28.296007Z","last_seen":"2026-04-03T15:41:56.878709Z","times_seen":76,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ds2.obmenvsemfilesec.com/fo/files_attachments/983/221/983221c7573f4510571d973b503797c6.jpg","fqdn":"ds2.obmenvsemfilesec.com","domain":"obmenvsemfilesec.com","tld":"com"},"ip":{"addr":"85.17.28.50","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ds2.obmenvsemfilesec.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 17 Dec 2025 15:58:22 GMT","end":"Tue, 17 Mar 2026 15:58:21 GMT"},"fingerprint":{"sha1":"3D:EC:E4:1E:CD:E4:16:FB:8D:5E:CB:24:C3:BF:53:A1:12:70:D4:D1","sha256":"1C:BB:70:7B:91:4E:8A:8E:71:3F:9F:57:60:C1:52:FD:C8:51:93:A6:38:C7:CD:F5:D8:13:E7:21:F9:6B:62:C3"}}},"request":{"raw":"GET /fo/files_attachments/983/221/983221c7573f4510571d973b503797c6.jpg HTTP/1.1\r\nHost: ds2.obmenvsemfilesec.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 71257\r\nlast-modified: Fri, 21 Aug 2020 17:20:22 GMT\r\netag: \"5f400256-11659\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":71257,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x639, components 3","md5":"983221c7573f4510571d973b503797c6","sha1":"9d9b2f4af5950d48dc338a894faa4958ab1e7fd5","sha256":"5c36dc3a49e1f0d0cb48a9f52231f909518801a5140bd1e7df386736a05ddc33","sha512":"727baea9c87d2d8ca1bcce1d5b8a964cd2545b6621fde847b46cedbf4bd50f2a858525d7c51937afd70d03e946b232792031d20714cc69d3de3310366e09a4c3","ssdeep":"1536:PY5b/kREl3mzeJ91baxFFFHztkOoBQLClnm+4ctpio1xrjNJZ:wuHzeJHbaxflztdoBfmVYiq7","tlshash":"72630237aa6a00d36d6715dabc4b5e7d5ae61cbc83cf474c10c58a267b2b93e4e34284","first_seen":"2025-12-30T13:43:52.741188Z","last_seen":"2025-12-30T13:43:52.741188Z","times_seen":1,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":94,"dns":27,"connect":25,"send":0,"wait":22,"receive":52,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/static/new/img/sprite/sprite.svg","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /static/new/img/sprite/sprite.svg HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 96697\r\nlast-modified: Mon, 02 Oct 2023 08:54:32 GMT\r\netag: \"651a8548-179b9\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":96697,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0b5d6f19f94ae3a1464bf23994bc672e","sha1":"3b031e2427a5bc6aa9c30268af8af87e3318a2f8","sha256":"276190d93ef31178bd73eae41b6a6d5a5510801d8b754a3f3e37f45eb31e4a77","sha512":"077035126cff2428c111ea1f3517b76d963ad71678ff99d6dfbb3f315f0246e7f72b0e2f0ab41288f84024f21d4c5d69014950ae8bccfae52199ec733dbe20eb","ssdeep":"1536:xEfE6HFOmrkeHb9IKDSGRAysfTKukQ6BhzmO:xOIq","tlshash":"da932dfaa3e4a2d0e907f7b0d7277475702735f93e12c56887986e64eb320ad845dc82","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.860266Z","times_seen":79,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"clobberprocurertightwad.com/check.html","fqdn":"clobberprocurertightwad.com","domain":"clobberprocurertightwad.com","tld":"com"},"ip":{"addr":"94.242.247.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"clobberprocurertightwad.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 13:08:48 GMT","end":"Sun, 15 Mar 2026 13:08:47 GMT"},"fingerprint":{"sha1":"75:C3:D6:F6:D6:89:AC:DC:D3:57:8B:5F:44:24:3A:FF:B2:46:BF:1D","sha256":"4A:BC:5B:4A:BB:6F:C0:A3:AA:9E:AD:53:4F:2B:46:7F:69:D5:B7:CE:7E:42:DD:A0:10:A9:C3:41:E5:7C:C6:46"}}},"request":{"raw":"GET /check.html HTTP/1.1\r\nHost: clobberprocurertightwad.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Mon, 24 Nov 2025 08:42:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69241a69-39e\"\r\nx-js-ab: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":926,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"088dba8e97eede53134c93219f7ebbae","sha1":"adb707654d1fe0af7d0d7a9f55660d22bd3625e4","sha256":"6da0120b4c7bc45b63fcbb87595c3c1ea2cdca482b0c48d4d2ab434f9e897aff","sha512":"23a1f87731e8aee4658993cd1ce35ec179fea80b89bf52aca7634488f1bdfcf88b9cabca4859481357a9fee06cbb49df64bbe0878b1dae0e5df4fa34003c6d80","ssdeep":"","tlshash":"6211d04934e1684c1127a6301597a2183c32a40315cbd949fb9cd7301f815a7dc596df","first_seen":"2024-11-22T16:59:41.974716Z","last_seen":"2026-03-04T10:11:28.020186Z","times_seen":13721,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uuidksinc.net/matchx?gdpr=0\u0026gdpr_consent=","fqdn":"uuidksinc.net","domain":"uuidksinc.net","tld":"net"},"ip":{"addr":"31.220.27.155","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uuidksinc.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:22:16 GMT","end":"Sat, 28 Mar 2026 23:22:15 GMT"},"fingerprint":{"sha1":"A3:04:43:DF:E7:27:A9:50:C2:BB:1F:85:9F:88:08:C5:EC:23:CE:9C","sha256":"0A:4A:19:47:D5:5B:1B:87:C8:B1:25:95:05:A5:F0:D5:1F:A1:A0:DE:36:53:90:85:15:21:1A:64:2B:18:4B:F0"}}},"request":{"raw":"GET /matchx?gdpr=0\u0026gdpr_consent= HTTP/1.1\r\nHost: uuidksinc.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nCookie: jcsuuid=dXakxkvwuUbgEUVWFGsl\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.23.2\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\nset-cookie: jcsuuid=dXakxkvwuUbgEUVWFGsl; expires=Wed, 30 Dec 2026 13:43:25 GMT; domain=idksinc.net; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2759,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2653)","md5":"5239c325c403fea7f9df4d62449d434f","sha1":"fbc12853d481ff4d22e9b96362a67452799e158a","sha256":"414db6358ff58fa8d5b347f9a5d25a0877ba043d7766eea417383c07532f55d6","sha512":"ccf28d36576ceb6d1c4b84389fae7d1fc560ed8a91fbf1fa0e6c3074e21c7073d992de05489e0a45c4b7b0c9257925887eee6c78b656f7fbdc4ece4a7922589b","ssdeep":"","tlshash":"8951c7ff724a74264b4150d6202f9304e47b5014b99ac941ed99f8d09d78aef43b2dac","first_seen":"2025-12-30T13:43:52.744156Z","last_seen":"2025-12-30T13:43:52.744156Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tuhesok.com/58854.js","fqdn":"tuhesok.com","domain":"tuhesok.com","tld":"com"},"ip":{"addr":"88.208.46.49","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tuhesok.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Dec 2025 04:46:58 GMT","end":"Mon, 23 Mar 2026 04:46:57 GMT"},"fingerprint":{"sha1":"D3:E0:81:66:8F:0F:AE:61:C8:05:83:C3:61:14:75:56:C0:37:6A:15","sha256":"2E:DA:4A:66:33:13:E2:B9:0C:AA:84:15:8C:09:91:68:09:DE:98:9A:F6:23:8C:5D:73:C7:6E:F3:F4:BD:8A:80"}}},"request":{"raw":"GET /58854.js HTTP/1.1\r\nHost: tuhesok.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 30 Dec 2025 13:43:24 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, must-revalidate\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nX-Request-Id: e198dd525e9e1187ea948a50cacc5b95\r\nAccept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nX-ng-name: front8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43509,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43461), with no line terminators","md5":"0f438343ca01f023dbc4266a58a19a77","sha1":"7a08db25a16e409385c2d706aa2db3df635ae96a","sha256":"2176d85a2eeb7951c357e95b0757f97447aa330f9db446948cb1a11fd18520ac","sha512":"caa06e6cfe10c668cd1f168c968ff67f30103fab3743e4737b2fcb7e90ae572b2324c74a9842f817a9e009a68c4cb41ba06e0c625f3e30a39657e1bcd00cdabe","ssdeep":"768:dExClCwj5iFbMn1gEEJZ2iPf3FH0qGWDHV/u8dI:zdqvl02DHV/ueI","tlshash":"6613089972427025327fb5f1a37f570eb3be690a48a51d50c603f8c03968e8dd67ae8d","first_seen":"2025-12-06T15:23:24.975267Z","last_seen":"2026-02-04T11:33:10.602105Z","times_seen":140,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":66,"dns":7,"connect":17,"send":0,"wait":42,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"clobberprocurertightwad.com/get/1894290?zoneid=1894290\u0026jp=_clukhhpkntlfrfzijrhqjs\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=Aq02YSuaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=2086133647105024\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pkw=0\u0026pload=913\u0026rlp=%5B0%2C35%2C204%2C140%2C3212%2C2143%2C555%2C1996%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0","fqdn":"clobberprocurertightwad.com","domain":"clobberprocurertightwad.com","tld":"com"},"ip":{"addr":"94.242.247.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.548Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"clobberprocurertightwad.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 13:08:48 GMT","end":"Sun, 15 Mar 2026 13:08:47 GMT"},"fingerprint":{"sha1":"75:C3:D6:F6:D6:89:AC:DC:D3:57:8B:5F:44:24:3A:FF:B2:46:BF:1D","sha256":"4A:BC:5B:4A:BB:6F:C0:A3:AA:9E:AD:53:4F:2B:46:7F:69:D5:B7:CE:7E:42:DD:A0:10:A9:C3:41:E5:7C:C6:46"}}},"request":{"raw":"GET /get/1894290?zoneid=1894290\u0026jp=_clukhhpkntlfrfzijrhqjs\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.658\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=Tpzsq118w\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=Aq02YSuaHR0cHM6Ly9ydTIub2JtZW52c2VtLmNjL2luZm8ucGhwP2lkPTUyMjAzODY\u0026afid=2086133647105024\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pkw=0\u0026pload=913\u0026rlp=%5B0%2C35%2C204%2C140%2C3212%2C2143%2C555%2C1996%2C0%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0 HTTP/1.1\r\nHost: clobberprocurertightwad.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nx-route-id: config\r\nset-cookie: CHCK=1; Path=/; Expires=Tue, 02 Feb 2027 13:43:25 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Tue, 02 Feb 2027 13:43:25 GMT; Secure; SameSite=None\nUID=2512300843621cafdfe1444f6a836f1deb45; Path=/; Expires=Tue, 02 Feb 2027 13:43:25 GMT; Secure; SameSite=None\r\ncontent-encoding: gzip\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3545,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (3545), with no line terminators","md5":"aa0f86dba6a06ada572a73d9910af5af","sha1":"47660562ae1ca0c45c55c2a75dcc5e5710e72d61","sha256":"61a243ccede379897b3006ff6188960635b115513bb02772d312709d8ac1ef87","sha512":"ba88486065684174a583f70482c5f757dc98570f377b63ea927e14af5f86b682fc34c68e6920191da249a47d7c32dbccbd35809e23eee4912a1b3ae63fed40bb","ssdeep":"","tlshash":"a97163d89057d96358451df257fcae8f396ac4254b8f99e5fa9c8b79103c0bf8300813","first_seen":"2025-12-30T13:43:52.747893Z","last_seen":"2025-12-30T13:43:52.747893Z","times_seen":1,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hdbkome.com/get_data?v=default\u0026page=https%253A%252F%252Fru2.obmenvsem.cc%252Finfo.php%253Fid%253D5220386\u0026domain=ru2.obmenvsem.cc\u0026blockID=342806\u0026width=880\u0026height=1398\u0026windowWidth=1280\u0026gdpr=0\u0026gdprConsent=\u0026os=\u0026osVersion=\u0026limit=1\u0026format=json\u0026sspUid=32c1057a-4e9b-4d9a-b964-19057cf0eed0","fqdn":"hdbkome.com","domain":"hdbkome.com","tld":"com"},"ip":{"addr":"31.220.27.135","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hdbkome.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 23:25:20 GMT","end":"Tue, 24 Feb 2026 23:25:19 GMT"},"fingerprint":{"sha1":"DD:61:1B:43:65:6C:C3:B4:C0:8D:DE:52:F7:BD:E9:4F:55:E3:B1:35","sha256":"F0:1E:3A:68:62:B0:F2:59:EB:27:18:D0:8F:44:80:56:4A:12:C9:51:C9:55:15:9E:61:AB:F2:60:AD:AA:E1:6C"}}},"request":{"raw":"GET /get_data?v=default\u0026page=https%253A%252F%252Fru2.obmenvsem.cc%252Finfo.php%253Fid%253D5220386\u0026domain=ru2.obmenvsem.cc\u0026blockID=342806\u0026width=880\u0026height=1398\u0026windowWidth=1280\u0026gdpr=0\u0026gdprConsent=\u0026os=\u0026osVersion=\u0026limit=1\u0026format=json\u0026sspUid=32c1057a-4e9b-4d9a-b964-19057cf0eed0 HTTP/1.1\r\nHost: hdbkome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://ru2.obmenvsem.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: dmpUid=dXakxkvwuUbgEUVWFGsl\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.23.2\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\naccess-control-allow-headers: X-Requested-With, Cache-Control, Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ru2.obmenvsem.cc\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T22:47:04.158538Z","times_seen":13349726,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"hdbkome.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obmenvsemfilesec.com/fo/files_attachments/1e7/14a/1e714ab673ae0a2918fa7a7ef8f2d8d9.jpg","fqdn":"obmenvsemfilesec.com","domain":"obmenvsemfilesec.com","tld":"com"},"ip":{"addr":"82.192.80.149","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsemfilesec.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 17 Dec 2025 20:51:21 GMT","end":"Tue, 17 Mar 2026 20:51:20 GMT"},"fingerprint":{"sha1":"EC:0E:18:C8:DC:12:1C:2F:3B:D0:6A:77:44:E8:AF:5E:1F:66:67:6E","sha256":"68:ED:02:03:40:F5:BA:A4:10:6D:DE:43:54:71:09:FE:0A:5F:0F:B0:10:AB:10:64:0A:05:87:AD:1C:76:EC:40"}}},"request":{"raw":"GET /fo/files_attachments/1e7/14a/1e714ab673ae0a2918fa7a7ef8f2d8d9.jpg HTTP/1.1\r\nHost: obmenvsemfilesec.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3317\r\nlast-modified: Tue, 30 Dec 2025 13:25:48 GMT\r\netag: \"6953d2dc-cf5\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3317,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 120x120, components 3","md5":"1e714ab673ae0a2918fa7a7ef8f2d8d9","sha1":"2355d41aacde6c0059bcc08945a14a27ded64b1e","sha256":"51766e43f3450e1919cd25bcfc8ca1d96dd512e7b0d1712a6d450992160864f4","sha512":"61634480daff2bae620fc2a946fedb6df0130f0349b72f658d0149e89a9ea24638e035827141ab44d0acabf132d8f4cce855761bc2a222a6cd278dd883bed980","ssdeep":"","tlshash":"28618c303588eac9fff7cef298d0ad33cdea2e90c84446b919e03c344da02c76861285","first_seen":"2025-12-30T13:43:52.749716Z","last_seen":"2025-12-30T13:43:52.749716Z","times_seen":1,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":80,"dns":10,"connect":23,"send":0,"wait":23,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obmenvsemfilesec.com/fo/files_attachments/d8b/212/d8b212f19a0d362031c2c9cefcdf9672.jpg","fqdn":"obmenvsemfilesec.com","domain":"obmenvsemfilesec.com","tld":"com"},"ip":{"addr":"82.192.80.149","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsemfilesec.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 17 Dec 2025 20:51:21 GMT","end":"Tue, 17 Mar 2026 20:51:20 GMT"},"fingerprint":{"sha1":"EC:0E:18:C8:DC:12:1C:2F:3B:D0:6A:77:44:E8:AF:5E:1F:66:67:6E","sha256":"68:ED:02:03:40:F5:BA:A4:10:6D:DE:43:54:71:09:FE:0A:5F:0F:B0:10:AB:10:64:0A:05:87:AD:1C:76:EC:40"}}},"request":{"raw":"GET /fo/files_attachments/d8b/212/d8b212f19a0d362031c2c9cefcdf9672.jpg HTTP/1.1\r\nHost: obmenvsemfilesec.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5949\r\nlast-modified: Tue, 30 Dec 2025 13:25:44 GMT\r\netag: \"6953d2d8-173d\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5949,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 120x120, components 3","md5":"d8b212f19a0d362031c2c9cefcdf9672","sha1":"ffeba2b4e01bd7194681ed887b0f852af82b1973","sha256":"8e5a15cc4ba6b3c9ee9ffbec5db1cc9e77b15079089d375097ea0078d69d02b5","sha512":"8d1929c76667bb2b2e5e3fca2cd0b5e6bc288ed988d87cfae40e199589347dc5c5bbf5cbadd522fa3fb04bc496a09f5024cb5b40ebef469765ee5c2c82a88748","ssdeep":"96:E94ev+ACUuPJy53OTBIEHm553CF+kaMNGMc+l9i0X1yPhtRnWuZKUiND:EGv9oOTle5bmNGf+lY0FkhtHViND","tlshash":"58c18e53b7563ae3b8f14436c8e56e60a1fa121fd0e85a4f75c9db828dff4180a28760","first_seen":"2025-12-30T13:43:52.751688Z","last_seen":"2025-12-30T13:43:52.751688Z","times_seen":1,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":76,"dns":11,"connect":24,"send":0,"wait":25,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/apple-touch-icon.png","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv; UGVyc2lzdFN0b3JhZ2U=%7B%7D; kdSspUid=32c1057a-4e9b-4d9a-b964-19057cf0eed0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 2652\r\nlast-modified: Wed, 08 Nov 2023 12:00:18 GMT\r\netag: \"654b7852-a5c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2652,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit colormap, non-interlaced","md5":"14b6cbadf25e2a2e43ee83d0ae498b4d","sha1":"afbf495e86e72331b2b179ea97385eaea3e2649a","sha256":"3a1d2020f69c330d10c23692da24bcea0936f235f36f78522901171912a46566","sha512":"bb89612b4d58637ef2f0c36d1a4ec07e92d49b52cebb31bffbe1f3e8939a691fccd5a0aa23ff6187772f0f791fbf130021dd606b7b106e4cbd9397f01c6d8302","ssdeep":"","tlshash":"e2513c9a6e84b92af5c906ad338cd3885ef9c17821f97c92571c07c44d216f3b4b11b0","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.860721Z","times_seen":83,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/favicon-16x16.png","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /favicon-16x16.png HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv; UGVyc2lzdFN0b3JhZ2U=%7B%7D; kdSspUid=32c1057a-4e9b-4d9a-b964-19057cf0eed0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 675\r\nlast-modified: Wed, 08 Nov 2023 12:00:18 GMT\r\netag: \"654b7852-2a3\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":675,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"b499873bbf9f4f79c55c98780893ec5c","sha1":"298126d462924274264083a56a9804be95f7774d","sha256":"d3d21a81a1f1fa8782495b8501a9fbe487eb4c662a3d09c681152e225c8da43f","sha512":"60ef4aa3bd3139ed74318d6acffa4c34a9e4d72904bbe4a0bc53375347efd23d5f3b34d90e2c3390b40f5a77fa7bfad62e11d03b4f1b643fbb323c69c67973b0","ssdeep":"","tlshash":"d80123edd4e4ef53d08d9f3b56b30704fb3c818d21929c0a593f51328d2400c94143ae","first_seen":"2023-11-29T21:47:27Z","last_seen":"2026-04-03T15:41:56.873584Z","times_seen":83,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hdbkome.com/get_data?v=default\u0026page=https%253A%252F%252Fru2.obmenvsem.cc%252Finfo.php%253Fid%253D5220386\u0026domain=ru2.obmenvsem.cc\u0026blockID=342806\u0026width=880\u0026height=1398\u0026windowWidth=1280\u0026gdpr=0\u0026gdprConsent=\u0026os=\u0026osVersion=\u0026limit=1\u0026format=json\u0026sspUid=32c1057a-4e9b-4d9a-b964-19057cf0eed0","fqdn":"hdbkome.com","domain":"hdbkome.com","tld":"com"},"ip":{"addr":"31.220.27.135","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:25.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hdbkome.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 23:25:20 GMT","end":"Tue, 24 Feb 2026 23:25:19 GMT"},"fingerprint":{"sha1":"DD:61:1B:43:65:6C:C3:B4:C0:8D:DE:52:F7:BD:E9:4F:55:E3:B1:35","sha256":"F0:1E:3A:68:62:B0:F2:59:EB:27:18:D0:8F:44:80:56:4A:12:C9:51:C9:55:15:9E:61:AB:F2:60:AD:AA:E1:6C"}}},"request":{"raw":"OPTIONS /get_data?v=default\u0026page=https%253A%252F%252Fru2.obmenvsem.cc%252Finfo.php%253Fid%253D5220386\u0026domain=ru2.obmenvsem.cc\u0026blockID=342806\u0026width=880\u0026height=1398\u0026windowWidth=1280\u0026gdpr=0\u0026gdprConsent=\u0026os=\u0026osVersion=\u0026limit=1\u0026format=json\u0026sspUid=32c1057a-4e9b-4d9a-b964-19057cf0eed0 HTTP/1.1\r\nHost: hdbkome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nOrigin: https://ru2.obmenvsem.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.23.2\r\ndate: Tue, 30 Dec 2025 13:43:25 GMT\r\ncontent-length: 0\r\naccess-control-allow-headers: X-Requested-With, Cache-Control, Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ru2.obmenvsem.cc\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T22:47:04.158538Z","times_seen":13349726,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"hdbkome.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obmenvsemfilesec.com/fo/files_attachments/00b/6d7/00b6d78bdaa3c149de44b33fe3fbf676.jpg","fqdn":"obmenvsemfilesec.com","domain":"obmenvsemfilesec.com","tld":"com"},"ip":{"addr":"82.192.80.149","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsemfilesec.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 17 Dec 2025 20:51:21 GMT","end":"Tue, 17 Mar 2026 20:51:20 GMT"},"fingerprint":{"sha1":"EC:0E:18:C8:DC:12:1C:2F:3B:D0:6A:77:44:E8:AF:5E:1F:66:67:6E","sha256":"68:ED:02:03:40:F5:BA:A4:10:6D:DE:43:54:71:09:FE:0A:5F:0F:B0:10:AB:10:64:0A:05:87:AD:1C:76:EC:40"}}},"request":{"raw":"GET /fo/files_attachments/00b/6d7/00b6d78bdaa3c149de44b33fe3fbf676.jpg HTTP/1.1\r\nHost: obmenvsemfilesec.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 6644\r\nlast-modified: Tue, 30 Dec 2025 12:27:53 GMT\r\netag: \"6953c549-19f4\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6644,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 120x120, components 3","md5":"00b6d78bdaa3c149de44b33fe3fbf676","sha1":"38e48e211e9245ee5bb8d315ec00429e3f555fd6","sha256":"33b653e57383567d3d30cfc90e1bba388d0eb5f933c515e3db2097534e1a6f1f","sha512":"5c32809253be5dabc3b5c3a1a07b4bf5daa8b46080a3eac44edf2b1f033888d6b96b412bdecd672407fe5b44eb7d3f0ec46572a6c508e63a760bface507be9f5","ssdeep":"192:jBIlExsy0W3yb1x7yU2xxaPqy88acW2rAjyix:IEa242J0ivL2rAR","tlshash":"82d17d23c7617ff4b9acd19226970fecd2da5f9be84040df8ed8b49b465d684a086234","first_seen":"2025-12-30T13:43:52.756223Z","last_seen":"2025-12-30T13:43:52.756223Z","times_seen":1,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":67,"dns":13,"connect":21,"send":0,"wait":21,"receive":1,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ru2.obmenvsem.cc/static/new/js/main.js","fqdn":"ru2.obmenvsem.cc","domain":"obmenvsem.cc","tld":"cc"},"ip":{"addr":"82.192.80.133","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ru2.obmenvsem.cc/info.php?id=5220386","date":"2025-12-30T13:43:24.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obmenvsem.cc","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 20:39:55 GMT","end":"Thu, 29 Jan 2026 20:39:54 GMT"},"fingerprint":{"sha1":"4B:A8:9D:BE:13:E1:AA:A9:45:F3:4F:7F:51:0A:36:A8:85:21:20:CB","sha256":"12:AB:2F:B5:3F:98:78:28:94:BC:2A:11:09:56:D0:0B:E5:0F:CB:46:71:05:80:6D:75:10:F4:9E:6D:6A:7C:2B"}}},"request":{"raw":"GET /static/new/js/main.js HTTP/1.1\r\nHost: ru2.obmenvsem.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ru2.obmenvsem.cc/info.php?id=5220386\r\nCookie: sid=rfnfrj9q8oimpqb7mtmo93r2sv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 13:43:24 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 02 Oct 2023 09:59:18 GMT\r\netag: W/\"651a9476-988a5\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":624805,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17657)","md5":"b6a5b3fcb3c5763f5b0a54ccbc6a2c79","sha1":"ddbe5e8372dc5c077cffa3cefad451ac6f5016e6","sha256":"23d212556914be03a7f36dc8e2581deb7fe3e927dd40ec947ab98f6a616a6b34","sha512":"718132246cc46358d4223fd771469059dda61db6742d548873c5f6b08cd86ca481d54060adedb35e379608dd88dada38ed891d7f2e5529c11f682ffd3529d8f4","ssdeep":"12288:rSB7qB7WKK4aIiuyW+aux8PNhvu/m2mVrd7y:rSB7qB7mIiusx8PN8/m2mRd7y","tlshash":"3dd42ac87281742247d7b0b5502f520ab23a9969580dc16cf62df9d52fb8e4de23bf78","first_seen":"2025-10-15T12:02:14.349595Z","last_seen":"2026-04-03T15:41:56.878165Z","times_seen":24,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}