{"report_id":"74dcf0a7-f2da-4311-8108-9aadbba4b137","version":6,"status":"done","tags":[],"date":"2025-07-04T02:18:35Z","url":{"schema":"http","addr":"kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"104.21.30.3","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"title":"Поиск партнера для регулярных встреч"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-09-12T02:18:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"kdulyoz.cfd","ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-27","domain_rank":0,"first_seen":"2025-07-04T02:18:35.201614Z","last_seen":"2025-07-04T02:18:35.201614Z","alert_count":11,"request_count":11,"received_data":277602,"sent_data":6505,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/js/format_number.js","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b32436f8b0be99384a6c89c606e51bf2","sha1":"c40ae52ed1dab04c215f6bf66b61f0739cb6cb70","sha256":"1222dbc3d6e5eda2c741b61a81337725b0c43c180659c1780074f37c5853f117","sha512":"4fda0a3243fd8a4f2083de5354f20a616de9cd7b8c9b016aebe21394788990144abc1401dd8e237e83cecb9cb3f489350f94a207dd2813bc8d0309a70f5357dd","ssdeep":"96:EuWuPtsg7h2OWPk95g2ITvW0AuQ8W0AuJ870Aua1ZZVu/sZZVu9l5s:EuYg1vWPk95g2IDs","tlshash":"cdf10610dabd088142731769167fd2c15b2cc83bc98489febc5ce587cf62a4572d8be9","size":7871,"data":"","first_seen":"2025-07-04T02:18:37.976581Z","last_seen":"2025-12-30T21:28:27.686227Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3056b61b219c1a54ae30dc6945b2a09e","sha1":"4bbd8c465de3f7768e65da84285fcc5c85ac2589","sha256":"92cba74446a66a316099d4998a84475c5873a599f085050cae153e7f1a79d382","sha512":"ce16a4abe1de951c36444559086ad2fd31f1254abad5dc8fbe6d701b9a266e57d99fa5eddca0e21b5df57f703f6e2918dd0512893aaa8593db653609d2a8a100","ssdeep":"96:GO+PB1fjgYEJMcImdHweNIhoMbi+b81vZwwyv4E49mtZbX7D/yRs/yRV3+Pc3cod:GO+PfN7mJwxohwHa4b432ZfCgK","tlshash":"f2c165cd2e609a59d74b1fab301739c1d65b06a93cd9899fd004fdac28a0e16fbd1db0","size":5676,"data":"","first_seen":"2025-07-04T02:18:37.987445Z","last_seen":"2025-07-04T02:18:37.987445Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/js/jquery.min.js","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-06T11:13:52.504891Z","times_seen":118694,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/tlgr.png","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:12.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/tlgr.png HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 7511\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\netag: \"1d57-6390fbc531868\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b%2FbLgvPKD%2BwJAl%2F2MWCMmViRKIxg%2BZZpPL1pjBpaV6tKjfwgGWKzx3IPbDSIj4vV52WF3xR%2Bg0NzAdcRm6lAJ2eCveveQTxhYQ%3D%3D\"}]}\r\ncf-ray: 959b2176fe147129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7511,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 170 x 170, 8-bit/color RGBA, non-interlaced","md5":"928cf182337e5574209178d6cc1ec9f2","sha1":"f016d11dd8b26ce8b0dfd9a87f32285d874b374a","sha256":"c892752ca8d13473ebbf764bd2cfa1ad208fa7f026fdf6b13a1f959c783d08cf","sha512":"8b52cf0e5e4a7a087d69310c49439945330b88e668b24f8052fbed0767b1a4a09c09eed2c2c21ef51cc48848efef9af3b3c1a8562c9142757c662d57b7777463","ssdeep":"192:ZNRM00BUmbkmyWmwRH+QFioAr5yXVGNKe8T3V4LmGCr3Lp:HRMmWmwJ+QFPArwFS4mB8p","tlshash":"1ef18f578a9c551f076a23e4400688f0d7b7e708861c63e5905ea93e8d20f7ae5e2d73","first_seen":"2025-07-04T02:18:37.966256Z","last_seen":"2025-12-26T22:43:11.356282Z","times_seen":4,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/images/favicon.ico","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:13.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/skins/default/images/favicon.ico HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=suoUlvpV8lLplHSZau3oxd1cFUex4FduyJqFH1i8ZDQtOuiWLgIj39oPY1NosXcxHVvCe7P55E2OOE%2B3rmQwPm7UzYIu0LkvA8Wg%2FRjNhVhCtgQH%2BH23KfQl2cMahg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\netag: W/\"3aee-6390fbc52baa8\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\ncf-ray: 959b21799818712b-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=625\u0026min_rtt=0\u0026rtt_var=234\u0026sent=274\u0026recv=313\u0026lost=0\u0026retrans=0\u0026sent_bytes=103609\u0026recv_bytes=17708\u0026delivery_rate=19423402\u0026ss_exit_cwnd=14905\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=236ec52f4ecb18f6\u0026ts=743\u0026inflight_dur=67\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15086,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"ffd154fe4d0b9652e1bf15a199ba5fac","sha1":"eabab3e9023494efb489afa8582556d2fd5c0a8d","sha256":"44e1e2ced5838daeb629f9296ef678a7c91142b4d3bff829d695c7b0e748495a","sha512":"1d2ad463d26ba55ec41d6f5739c9ad6bfb85aed0903724a9918dff7b5c2d8af7f567001c89bed24b7b917dcb7d97947a40d9ef2f027419d58dd15b97cffe2442","ssdeep":"96:ja2t3uvBMRnxPPdoltpjC/8o/Pm/DLFIMDua8/pI/p8jNxd/:ja2MpmnTo1C/8o/oVIMX8/pI/pEl","tlshash":"2a6222953346ed45e88552f8c82bcdf4a391bcb5f8299503be21bd873e77246e831076","first_seen":"2025-07-04T02:18:37.968899Z","last_seen":"2025-12-26T22:43:11.36173Z","times_seen":4,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":142,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-04T02:18:12.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/ HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:12 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: PHP/7.2.24\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W69q4UodNLqYQr3rSvSCHWm5OCH%2BuuzYzYW77XY%2FLHtTPYa2ZdHRvFToIMRof%2BwxI3SkL2mWa1L%2B5P%2FfqXjNScHKnhKTzV5oIg%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 959b21751d6c7129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9113,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5627)","md5":"c589bb579a17a20948e2844e07dfc9b8","sha1":"9ce579d849d171347e7cc33c176389780cd0f9f8","sha256":"20ee50a898f20280dc66301be43d83167a30f3f68a0fc44fb28c9e1b71aa2e73","sha512":"242a36a3a83abcae649826be456ec6b25e8b889446c4b71de6cc8cb6e8386a5cf5d18c2d7615a93df2bc1c9488a8cdf8d5d89c512919c781a5d3d5f763a26e2f","ssdeep":"192:EEFYjO+PfN7mJwxohwHa4b432ZfCgmZRjSl:pFYjOihmJPhka4nlCgmZR6","tlshash":"41120b953df08a2552470e57b4637ec1da5742abbcd88c49f00cacad2fd0e06ebc2a74","first_seen":"2025-07-04T02:18:37.971478Z","last_seen":"2025-07-04T02:18:37.971478Z","times_seen":1,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":29,"dns":1,"connect":1,"send":0,"wait":114,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/css/main.css","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:12.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/skins/default/css/main.css HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9%2BM1c4pxvn1mzua8NmM3yx7OQly%2BPpNUAt1sw8IRRDvckwa6g5YprWstmyZcsk4lOPUSvAx5yhatoH1iq3A8eOyUnxldXC6NQA%3D%3D\"}]}\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncf-cache-status: BYPASS\r\netag: W/\"7362-6390fbc5283f8\"\r\ncontent-encoding: br\r\ncf-ray: 959b2176fe0d7129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":29538,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (410)","md5":"f0f255aa931c30e7748d75d1c20cfc23","sha1":"94b281cc464310b5b7a0c66a2aaf97b01a34d660","sha256":"55b47fa8cf65f58d398de300c7be8491fa0a9a93616022c9159b9b61be65ce4a","sha512":"dc6e6ce84bac788aec78cb56c7dc81c0eac41fa40d4feeda78bf3194171d4fa74cf3b4d5da7c088a909730223c965ebfdb46ef79db6ea10a34362fbde57ffc78","ssdeep":"768:YRyGerEtK4FUVqieFcB3Kpwh/30MJdvST47/StjcfDU+RaRFfcVnrYSAsRKvKZGa:KyBaVoKiZOM+LSeBvXU","tlshash":"61d2ee6736b01204751b8c2427da1f662374c453650fedfa7ee2651ccfcaac58ae278e","first_seen":"2025-07-04T02:18:37.973395Z","last_seen":"2025-12-26T22:43:11.377307Z","times_seen":4,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/js/jquery.min.js","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:12.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/skins/default/js/jquery.min.js HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=36gaxtvpPy523ZRNdq%2FR8otCNdKZwVG9FZB18GzjR45uhaGANTXYZlbm7pbAFfA3KtCWNji04Q02FOV2G2f9gwfvehShCLDp4w%3D%3D\"}]}\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncf-cache-status: BYPASS\r\netag: W/\"1538f-6390fbc52f158\"\r\ncontent-encoding: br\r\ncf-ray: 959b2176fe0e7129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":86927,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-06T11:13:52.504891Z","times_seen":118694,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/js/format_number.js","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:12.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/skins/default/js/format_number.js HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GKpAk7lyMINks245MQM%2FbhGS1kJcptaxYhHVrbGHdYaLfBbZjttOO4YXmMueh%2BgA1SK7ld8WYXUTq9CcQeoU80kfpFgy1ZkhtA%3D%3D\"}]}\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncf-cache-status: BYPASS\r\netag: W/\"1ebf-6390fbc5300f8\"\r\ncontent-encoding: br\r\ncf-ray: 959b2176fe0f7129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7871,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"b32436f8b0be99384a6c89c606e51bf2","sha1":"c40ae52ed1dab04c215f6bf66b61f0739cb6cb70","sha256":"1222dbc3d6e5eda2c741b61a81337725b0c43c180659c1780074f37c5853f117","sha512":"4fda0a3243fd8a4f2083de5354f20a616de9cd7b8c9b016aebe21394788990144abc1401dd8e237e83cecb9cb3f489350f94a207dd2813bc8d0309a70f5357dd","ssdeep":"96:EuWuPtsg7h2OWPk95g2ITvW0AuQ8W0AuJ870Aua1ZZVu/sZZVu9l5s:EuYg1vWPk95g2IDs","tlshash":"cdf10610dabd088142731769167fd2c15b2cc83bc98489febc5ce587cf62a4572d8be9","first_seen":"2025-07-04T02:18:37.976581Z","last_seen":"2025-12-30T21:28:27.686227Z","times_seen":6,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/images/preloader.gif","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:12.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/skins/default/images/preloader.gif HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 23226\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\netag: \"5aba-6390fbc52c278\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KaiUij0M9PewKMdzQ5WNwXid8FkoZko3BqcrvWRDVK6SgIZBcLY%2B335FqjiBA%2B3pBMfV11QHcAL0msBFQyLqcWgoiZA9IizHug%3D%3D\"}]}\r\ncf-ray: 959b2176fe127129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23226,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 187 x 28","md5":"b3a563cfcd004ee3c2d58e2177599362","sha1":"e6765d1ac8048ea970332b8875c1c13198ec505f","sha256":"4eb9c1eaa55ca925cdd2d6641af456215e0eb7f43131e609686fde815dbedac9","sha512":"b0a08c2c2b8f870c98a7824529e8d3db2ffda8ee48a48a7811c24f6e0633553da216bfc533810034d7d19fa31658aa2b02057e551c9b02003a2dec553f34f1e8","ssdeep":"384:LNVWoGUl+/M0BicHVURepGMI5wRjusfaiLI42YmzYk2KwOr2LXGJAWghqEKKalj:ioGUU/MAvVUce5wJusf/w9zOOCLpqnKQ","tlshash":"47a2bf71e1bcd62eeb540a32c49de92c5b84ba26721d3e52e400d3b17c9279790633fd","first_seen":"2025-07-04T02:18:37.978647Z","last_seen":"2025-12-30T21:28:27.692049Z","times_seen":6,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/email.webp","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:12.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/email.webp HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5504\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\netag: \"1580-6390fbc5362a0\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nmCmFBMqGJJVYUI5wEuhnm0kK8pn8JK5w3qxlT86o4gP0JI2bepsylL55Ppc9yJa43Y%2FBf8wti3%2Bto11BfDL3Lc%2BJUWYk6ak%2FQ%3D%3D\"}]}\r\ncf-ray: 959b2176fe157129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5504,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"eadb3666a8a20a2c1494d57cb004f956","sha1":"c15a6e32955cb84a07fa35a9fcd24762ace254a8","sha256":"d0f306054d77f40d879136216068f5a2cc1fa2e4047d318a6ea03e9af29782a5","sha512":"edd002fe895f42d41348ba594a9729408cfeef925227bcbb744a7dcc48ef2ff3bc40a2a54b69f3eb9576140037fcb06dda2e8bfc02f7499ecb5ff83627d8aeec","ssdeep":"96:/Htf89suYLCQLpkUZOVfFKXendaFM95i1kIpGOclWo7G+mw5YCsUW8X/r:/HtHuHgSOOVfkendan1kWWf7kC9W8X/r","tlshash":"e5b16c18cc7762e12e4528e519fdbd99347f4833873cea6a0be2bc24f15916478c7c25","first_seen":"2025-07-04T02:18:37.980278Z","last_seen":"2025-12-26T22:43:11.380577Z","times_seen":4,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/css/custom.css","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:12.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/skins/default/css/custom.css HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ki2hWTzmi1olTbDZM2wiI%2BABbRcLrR4KP4Z6WMIyqIXCZtQvI2JcQbWDAHqDiYeSXHgB512aOPXvoXUvPNFOBmKPpaxPUFF5wA%3D%3D\"}]}\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncf-cache-status: BYPASS\r\netag: W/\"1e-6390fbc527070\"\r\ncontent-encoding: br\r\ncf-ray: 959b2176fe107129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ab675cfd6f225e6860ea4541adec7d84","sha1":"7857ab976cf2d95ef0e62a24692d8774d824d393","sha256":"0612b3c0499ec11bdf1b7c148a856b07ebeda522a8f948d1a7ccd1af6d20dce4","sha512":"62a1d61cbd47140403a694ea628e7099b7b465b739475971ebbf95b4d1db5ba391831b18513ae17ecae67b6628a2250eb8d3401dd17f582c2e8026032b40a1c3","ssdeep":"","tlshash":"6180000e0eb80ae28a2280808c88830aa0a800030388aa88ac2080b22b8f200cc02a22","first_seen":"2025-07-04T02:18:37.981922Z","last_seen":"2025-12-26T22:43:11.352442Z","times_seen":4,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/images/bg.jpg","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:13.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/skins/default/images/bg.jpg HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/skins/default/css/main.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 51387\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=uTmFM%2F%2BDTed7h5xnI9mdi8jV6RlGgULfV8vThUNdQ4CuoEBPIHq0TR69KipiU5rIZtf6MADAQDmx0XeyiMNm%2BjJF1iRTpeuABQjTtMYnDqZ5hqa6%2BbFBYMZxwDl87Q%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\netag: \"c8bb-6390fbc52b6c0\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: 959b21786814712b-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1651\u0026min_rtt=438\u0026rtt_var=1188\u0026sent=211\u0026recv=299\u0026lost=0\u0026retrans=0\u0026sent_bytes=20005\u0026recv_bytes=16706\u0026delivery_rate=643055\u0026ss_exit_cwnd=14905\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=236ec52f4ecb18f6\u0026ts=565\u0026inflight_dur=53\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":51387,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x930, components 3","md5":"044f1670b01953f98acd85af24fc42a1","sha1":"1b33aae6061fa6dfc269255beb8e4083eacd44bd","sha256":"ab50ebe85f98c7d69d0be7bc0f55264c7fb125e9ccc5cd4a26fc623a4ecceab9","sha512":"13a61fe5e5428574a5545a83c26670f692ac6228596fb16aa828405ea48f13f6511ac426e78dc511cb9727a3f1df431669718ef20cf84ab8197a20a01161040b","ssdeep":"1536:AsFF9ROxFSuoYwwmrMMmlgwA8nnBpIGb94Aymv817:AgFucsww0dmlgnYB/hy80","tlshash":"9833016205d581685528927872161f5e26328e2e13d02bcd14f6f8dffc8c8847ab5bff","first_seen":"2025-07-04T02:18:37.983798Z","last_seen":"2025-12-26T22:43:11.383234Z","times_seen":4,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":154,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kdulyoz.cfd/111/lde2070/skins/default/fonts/roboto-v27-latin_cyrillic-ext-regular.woff2","fqdn":"kdulyoz.cfd","domain":"kdulyoz.cfd","tld":"cfd"},"ip":{"addr":"172.67.150.39","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://kdulyoz.cfd/111/lde2070/scriptnformindex.php?utm_medium=203374\u0026sub_id_6=buymedia.biz\u0026utm_content=2078\u0026subid=7a2ru773esbd\u0026sub_id_15=buymedia.biz_2078\u0026sub_id_11=700500/","date":"2025-07-04T02:18:13.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kdulyoz.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Jun 2025 15:36:08 GMT","end":"Thu, 25 Sep 2025 16:34:49 GMT"},"fingerprint":{"sha1":"9A:74:67:F4:57:60:C1:B2:AE:C6:50:CF:51:BA:00:DD:87:55:24:11","sha256":"C5:A5:B7:77:62:A5:7D:58:6D:B0:34:08:09:36:D7:05:AD:06:C4:76:8B:E4:A1:76:67:F1:CF:D4:4A:80:EA:EB"}}},"request":{"raw":"GET /111/lde2070/skins/default/fonts/roboto-v27-latin_cyrillic-ext-regular.woff2 HTTP/1.1\r\nHost: kdulyoz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kdulyoz.cfd/111/lde2070/skins/default/css/main.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 04 Jul 2025 02:18:13 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 33172\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=lE9CTCju2YvtlsBKKWiNV%2FzEjrR%2FVp5E1HZa9MEkxAPehf5tFAeonJkk4MwzX6179nsxf%2FnmX3kAgUUYn28%2BRYdv35D78tugjWe%2FCf6GpK2pwr8tiJXnf1CJoRcacQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Fri, 04 Jul 2025 00:40:07 GMT\r\netag: \"8194-6390fbc52ab08\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: 959b21788815712b-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1651\u0026min_rtt=438\u0026rtt_var=1188\u0026sent=208\u0026recv=299\u0026lost=0\u0026retrans=0\u0026sent_bytes=15805\u0026recv_bytes=16706\u0026delivery_rate=643055\u0026ss_exit_cwnd=14905\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=236ec52f4ecb18f6\u0026ts=564\u0026inflight_dur=53\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33172,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 33172, version 1.0","md5":"efeae9643a7590027a4b3535b0220cda","sha1":"3bda00686bbe97c25ac1a36f8a8acfa3a65ca674","sha256":"d3a656939a23f885231d28bc374a003b6882d0d26772e71a419ee5619533183d","sha512":"a86982c2c597bf7c2891a3df468930daa5ad0d39c6d5be12f4bbec2dd7499b09ae6fdb55bf6affd15167ec2d52b91c9c61244392f33f98246230ae05e823cbde","ssdeep":"768:E/+25uufsezR09Qo8WGAveoKDrDScU3xHLBOZfUtcXHUSN4M:EduOsNYh2YScIxKXH32M","tlshash":"39e2f2d1211af08ba1859e1a3ce7d4d11cb7bb1dc0754e78dc74b236babd115fb0146a","first_seen":"2023-05-04T14:48:25Z","last_seen":"2026-03-26T15:28:19.230648Z","times_seen":78,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-04","alert":"Sinkholed","trigger":"kdulyoz.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}