{"report_id":"c5f11d78-67c7-4d3e-a1c9-277bdb70fa1a","version":6,"status":"done","tags":[],"date":"2025-10-24T02:41:36Z","url":{"schema":"http","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"104.21.21.64","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:neterror?e=connectionFailure\u0026u=https%3A//backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026c=UTF-8\u0026d=Firefox%20can%E2%80%99t%20establish%20a%20connection%20to%20the%20server%20at%20backgames.ru.","fqdn":"","domain":"","tld":""},"title":"Problem loading page"},"submit":{"url":{"schema":"http","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"104.21.21.64","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-28T02:41:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"54.cholteth.com","ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-12-01","domain_rank":0,"first_seen":"2025-10-24T02:41:36.742257Z","last_seen":"2025-10-24T02:41:36.742257Z","alert_count":12,"request_count":4,"received_data":147472,"sent_data":2737,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"kuolkoola.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-03-20","domain_rank":47044,"first_seen":"2025-05-08T22:43:24.287422Z","last_seen":"2025-10-16T09:01:42.49563Z","alert_count":0,"request_count":2,"received_data":4313,"sent_data":1053,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"backgames.ru","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-03-05","domain_rank":0,"first_seen":"2025-10-24T02:41:36.741454Z","last_seen":"2025-10-24T02:41:36.741454Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":597,"comment":"","tags":null,"fingerprints":null},{"fqdn":"hdtcode.com","ip":{"addr":"185.98.54.153","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2019-04-29","domain_rank":5341267,"first_seen":"2019-05-01T17:48:45Z","last_seen":"2025-10-22T09:19:18.297402Z","alert_count":0,"request_count":1,"received_data":274,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d299fc4158f5ee271d32054f20c567b","sha1":"f7a0862ea30145dcb0a90604dd7898a40e53feb1","sha256":"c9ab2db9b28f51129edfd2aff30ad067245bd34b028991e08f56f7c947f60495","sha512":"cfd527d72368746c57394fde01a5bf34d2a2c64db14d77c41a73f02bd063c5d3a89edb8042774ec98a11cd77e5790004e4fd1d34025976df1dc2bcf49a1fc7bd","ssdeep":"384:hEO8LLwmwafzrI9INlsGx51lVEG42vx6jOv:2HLFNfaelsGL1l+G42vd","tlshash":"6ad26e1c8bf230b9a67fa17ea25f681478e3717b4084d501f5cd92406fd9a43c9ba6e8","size":30513,"data":"","first_seen":"2023-04-05T16:38:07Z","last_seen":"2026-05-02T09:36:27.378192Z","times_seen":477,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a40976860ec9865090d3e26ffc73cc94","sha1":"40f16d9869020c5752974e91bd792ba0d1f015e8","sha256":"65ba0a06506d4e77ec12f1f4f2a2b0709d8a90c5fbf1a56605433347a396f630","sha512":"adc26c6fbc181ba7040d6f9ff86188bc9d93904b0d0541648c34eed8c6c6dd587f126a4137e8026d2bdbce971ae352bc2cbafb71943c0d6e20a695ce15d20d92","ssdeep":"","tlshash":"3d41713d1cb65054152bb06b777fa6187472b01b804ec5407e1cdb029f60ebad669edc","size":2157,"data":"","first_seen":"2023-03-07T16:08:17Z","last_seen":"2026-05-02T09:36:27.378749Z","times_seen":303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ad64b8dff8409190baab365212dabb3","sha1":"91990e6f15952656ac2bd994a9896251c5623486","sha256":"0dff92e84a935e88cb2906b2960b4ef813b513d5d65082c105b9af2db769f5e0","sha512":"2d130999db0952da25ddf43d878f44b52f3f4c0fc82c2b07275bb1763fd6d73d7be7e307cb987525aec63d4554d2dfdef593dddcc9fb88bd4efc2b6bedf68689","ssdeep":"","tlshash":"ca7121bb5da762221772101a576fb654242b043b18ccdc10bb9cd240afe863f8a94ffd","size":3815,"data":"","first_seen":"2025-10-24T02:41:40.762527Z","last_seen":"2025-10-24T02:41:40.762527Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0#","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d299fc4158f5ee271d32054f20c567b","sha1":"f7a0862ea30145dcb0a90604dd7898a40e53feb1","sha256":"c9ab2db9b28f51129edfd2aff30ad067245bd34b028991e08f56f7c947f60495","sha512":"cfd527d72368746c57394fde01a5bf34d2a2c64db14d77c41a73f02bd063c5d3a89edb8042774ec98a11cd77e5790004e4fd1d34025976df1dc2bcf49a1fc7bd","ssdeep":"384:hEO8LLwmwafzrI9INlsGx51lVEG42vx6jOv:2HLFNfaelsGL1l+G42vd","tlshash":"6ad26e1c8bf230b9a67fa17ea25f681478e3717b4084d501f5cd92406fd9a43c9ba6e8","size":30513,"data":"","first_seen":"2023-04-05T16:38:07Z","last_seen":"2026-05-02T09:36:27.378192Z","times_seen":477,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"251c3bb2f176a4eabacdcc9bdaa998df","sha1":"11940a001a4e30770a2c47588672a5ca9ec78052","sha256":"92eb6290657e1af66cc2eafbb5d322fc06cdf41973ab4a601a348671cd73b25a","sha512":"325776cfa390251fa82c70b92cddaadae381f1a098a8d20f2159d9bb951c1a3d96949dae58ed8b68a060dd559406bf2e915dd7564f41dc2e5cf9a198fa2eea16","ssdeep":"","tlshash":"82b012101129d53a8d3f05cd526a43e03862085b74c5d876302e97068f00040431c1df","size":109,"data":"","first_seen":"2024-08-20T11:04:07.73569Z","last_seen":"2026-04-07T20:52:37.769656Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c0cfc5b0b8ecddc27874cf87557bc5c8","sha1":"e8c431ae40e005d2202a8f2780c469ca8f2646f5","sha256":"f2dffef77f1df9b166e021e150edba0f9a71f95067d79e112325e4a1cb9a95e9","sha512":"fabc6d01f8c44cf75efbbe17c793df963ed0d0ec84f5e5965c37aa72f594397f7938ea297f922747d780a5bf71cfe6e3121d06d8f3b21f5877777788b8330273","ssdeep":"","tlshash":"52b02b0f7c461570283bf414111feb043c2084101b008200004055007db892784621c0","size":126,"data":"","first_seen":"2024-08-20T11:04:07.747237Z","last_seen":"2026-04-07T20:52:37.77089Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/199f8c6.php?utm_source=ogdd\u0026utm_campaign=20599","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cce286a76c98655126ff55a5d756c2b9","sha1":"99eca2b5d02d57a7f6450cbdf902687ba16826d8","sha256":"9f3ad4589604825d80a022d66034f12bb86487f9215ecddc1f14499c7878f362","sha512":"2cadbc7194d6c75db3d962d25886f6c7aa1bdb8ba2ba7f8f9b23f8731862186dea096c7f3cb823f57c2d7fc10c302902d3ca2600642924039847e608deb53add","ssdeep":"768:jCEb5lCr9FbMv1gEEGZ2iPJT4VH4qiWDHV/8wUz:/AqJs14SDHV/8zz","tlshash":"20132c9932927025726ea9e1537f270af37e691748b55c00c603f8803a24edef227f9d","size":43506,"data":"","first_seen":"2025-09-06T15:06:29.605554Z","last_seen":"2025-12-03T12:51:21.521007Z","times_seen":212,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9e8d92218ee3ebc50c02807f95053e1d","sha1":"471165c67069eb5e4a1a96bf3de5f2da1c8a1dff","sha256":"a7f50ca9fb45ef36eadc0461fd33f27d2f3032fcec793bcc869c43dba2b5bb73","sha512":"16db7c18eed45cc8d9339de68619a7014c18d80c7b2c813be30bf912e30c7f43a01272920e133025342e6ff76667232b6222b2286baa9e455f669a8d3e89d0ff","ssdeep":"","tlshash":"8801b4091af3545767cf68e3de4ea48c615a82db4286bf03fe0d728cdf2d4a9ca41135","size":695,"data":"","first_seen":"2023-03-07T16:08:17Z","last_seen":"2026-05-02T09:34:36.906136Z","times_seen":351,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0#","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"a40976860ec9865090d3e26ffc73cc94","sha1":"40f16d9869020c5752974e91bd792ba0d1f015e8","sha256":"65ba0a06506d4e77ec12f1f4f2a2b0709d8a90c5fbf1a56605433347a396f630","sha512":"adc26c6fbc181ba7040d6f9ff86188bc9d93904b0d0541648c34eed8c6c6dd587f126a4137e8026d2bdbce971ae352bc2cbafb71943c0d6e20a695ce15d20d92","ssdeep":"","tlshash":"3d41713d1cb65054152bb06b777fa6187472b01b804ec5407e1cdb029f60ebad669edc","size":2157,"data":"","first_seen":"2023-03-07T16:08:17Z","last_seen":"2026-05-02T09:36:27.378749Z","times_seen":303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T02:41:13.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cholteth.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:40:57 GMT","end":"Mon, 08 Dec 2025 04:37:16 GMT"},"fingerprint":{"sha1":"57:8E:43:C3:36:5F:2C:AA:B3:FB:99:B8:BB:FE:2E:A8:99:86:7B:04","sha256":"52:32:13:28:79:58:E9:CA:6B:C3:84:D3:A9:62:AC:C2:DE:4A:87:D7:76:B3:86:0F:84:B4:93:0A:A9:76:E8:7C"}}},"request":{"raw":"GET /index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0 HTTP/1.1\r\nHost: 54.cholteth.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Oct 2025 02:41:14 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4ZnXFJR%2BxY%2BMhaOCMVZiAi9fE2a7SfvSYMQJJR4ujKMbqlRPpqHPw%2Fwx271BnMeFrhTx%2FdUr0HLnOSWptjAOn33TXY6JguW%2Fvh1HFh4%3D\"}]}\r\ncf-ray: 99361d2e4bbe56aa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}],"data":{"size":90585,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (17957), with CRLF, LF line terminators","md5":"1709f89443210e40cb87329629fa96f6","sha1":"503c1f1ce42b0299202740afc0557bbd74af4b11","sha256":"96c97c5a83b35738edf11ab4bffefdf6ac47e18e692af20cdd85a8e9e417abcc","sha512":"82559e9f257ed7bdf58e2305af96a77db0e4816654b6a80452f4c26f3025b7bc9727679aee568ae1fc195bb18118ff3c81ea885c9bcfff5b1ca009c950108012","ssdeep":"1536:sgxNCehhMfpJ6do3lAbsI+XeqlLgPvN3Tqg5Itr:I27GDvJgXZTqgg","tlshash":"8e93be2e4e123456523fe379e76f2a18ee53227752818a55be8c52002ff4a05ca5bfdc","first_seen":"2025-10-24T02:41:40.732494Z","last_seen":"2025-10-24T02:41:40.732494Z","times_seen":1,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":21,"dns":1,"connect":1,"send":0,"wait":173,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/199f8c6.php?utm_source=ogdd\u0026utm_campaign=20599","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","date":"2025-10-24T02:41:14.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cholteth.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:40:57 GMT","end":"Mon, 08 Dec 2025 04:37:16 GMT"},"fingerprint":{"sha1":"57:8E:43:C3:36:5F:2C:AA:B3:FB:99:B8:BB:FE:2E:A8:99:86:7B:04","sha256":"52:32:13:28:79:58:E9:CA:6B:C3:84:D3:A9:62:AC:C2:DE:4A:87:D7:76:B3:86:0F:84:B4:93:0A:A9:76:E8:7C"}}},"request":{"raw":"GET /199f8c6.php?utm_source=ogdd\u0026utm_campaign=20599 HTTP/1.1\r\nHost: 54.cholteth.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 24 Oct 2025 02:41:14 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4rEFggAu8%2BvDX8hqfJjBbORXNP4RRXy8jZqrLNMZmipiQDDFHcHVFZ4SPtwDYOAvC1hjIP7L1xhRHnvXKw0EsZRN6tv10RNNLxN9UKY%3D\"}]}\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99361d30686956ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43506,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43458), with no line terminators","md5":"cce286a76c98655126ff55a5d756c2b9","sha1":"99eca2b5d02d57a7f6450cbdf902687ba16826d8","sha256":"9f3ad4589604825d80a022d66034f12bb86487f9215ecddc1f14499c7878f362","sha512":"2cadbc7194d6c75db3d962d25886f6c7aa1bdb8ba2ba7f8f9b23f8731862186dea096c7f3cb823f57c2d7fc10c302902d3ca2600642924039847e608deb53add","ssdeep":"768:jCEb5lCr9FbMv1gEEGZ2iPJT4VH4qiWDHV/8wUz:/AqJs14SDHV/8zz","tlshash":"20132c9932927025726ea9e1537f270af37e691748b55c00c603f8803a24edef227f9d","first_seen":"2025-09-06T15:06:29.605554Z","last_seen":"2025-12-03T12:51:21.521007Z","times_seen":212,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/favicon.ico","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","date":"2025-10-24T02:41:14.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cholteth.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:40:57 GMT","end":"Mon, 08 Dec 2025 04:37:16 GMT"},"fingerprint":{"sha1":"57:8E:43:C3:36:5F:2C:AA:B3:FB:99:B8:BB:FE:2E:A8:99:86:7B:04","sha256":"52:32:13:28:79:58:E9:CA:6B:C3:84:D3:A9:62:AC:C2:DE:4A:87:D7:76:B3:86:0F:84:B4:93:0A:A9:76:E8:7C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 54.cholteth.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 24 Oct 2025 02:41:14 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Wed, 02 Nov 2022 12:29:48 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"636262bc-1007\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3kJkoe7pm12m7%2FlZ5JuYFvjjgPdiTBU9eS%2Bi%2FnlrSIyJBcB5DzA%2FEL4pdh6HP4hEbDvSp6kSwP5wlOQ06waMQqVHBC4iW0jz8Ug%2FW8k%3D\"}]}\r\ncf-ray: 99361d32787056ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4103,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"4cdf3256cd7b8ec3917adb79d6bf457e","sha1":"bc615337e9223183a126c8fb649774866fb53e69","sha256":"fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0","sha512":"2bcd90a667b80393690e244a979e36e9f482b419e52302571a41412aac296aac1d58f81787b38d00a00257dca8bd3dce7cfe6ab8ef12aa3a91e0801ee3c3f21a","ssdeep":"96:LSDZ/I09Da01l+gmkyTt6Hk8nT2JCkun8i01FZZN:LSDS0tKg9E05T23un8h5N","tlshash":"2e818daf99b0d47f7938fa400dce8281e279256c197637ad94e5c5ee00a7b031bb0232","first_seen":"2023-04-08T14:37:37Z","last_seen":"2026-05-08T13:36:34.070666Z","times_seen":8970,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kuolkoola.com/event/set","fqdn":"kuolkoola.com","domain":"kuolkoola.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","date":"2025-10-24T02:41:15.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kuolkoola.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 07:07:39 GMT","end":"Sat, 13 Dec 2025 07:36:50 GMT"},"fingerprint":{"sha1":"5D:4E:87:DA:02:9F:04:8D:C2:0E:E1:F5:70:70:3D:9D:1E:33:4D:9E","sha256":"22:A6:32:7D:E5:0D:0F:A4:D8:0A:5B:A7:28:71:0E:64:D0:EF:A4:C9:5E:F5:D3:C6:06:E8:07:A2:95:68:0F:8E"}}},"request":{"raw":"POST /event/set HTTP/1.1\r\nHost: kuolkoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://54.cholteth.com/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 145\r\nOrigin: https://54.cholteth.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: userid=2ce09d8f-0646-4b63-b613-bc15bc422d00\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent","fqdn":"backgames.ru","domain":"backgames.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T02:41:15.606Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent HTTP/1.1\r\nHost: backgames.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://54.cholteth.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":120,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"54.cholteth.com/assets/styles/arrow.css?v1","fqdn":"54.cholteth.com","domain":"cholteth.com","tld":"com"},"ip":{"addr":"172.67.196.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","date":"2025-10-24T02:41:14.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cholteth.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:40:57 GMT","end":"Mon, 08 Dec 2025 04:37:16 GMT"},"fingerprint":{"sha1":"57:8E:43:C3:36:5F:2C:AA:B3:FB:99:B8:BB:FE:2E:A8:99:86:7B:04","sha256":"52:32:13:28:79:58:E9:CA:6B:C3:84:D3:A9:62:AC:C2:DE:4A:87:D7:76:B3:86:0F:84:B4:93:0A:A9:76:E8:7C"}}},"request":{"raw":"GET /assets/styles/arrow.css?v1 HTTP/1.1\r\nHost: 54.cholteth.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 24 Oct 2025 02:41:14 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 02 Nov 2022 12:29:48 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2F2pmrTZ272QSFYLfRu0rrf6gK%2FIOOnrZWYkuQRijZ7cGaUrLF6jMsg5i4Io%2FJXgQ6Mfb6W4iep1EK1GgwbjNWytTtRqCZosE05a8PL0%3D\"}]}\r\netag: W/\"636262bc-1a14\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99361d30686856ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6676,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ed4a61ae7235d0e7573766e78dd3fc02","sha1":"090b5cdab4ff3a3b87f491da06b4db99a8c51694","sha256":"ca50536990b949c20119f3134582c654fcd14fabce2517bbc5255fba7faa881b","sha512":"c2d58441829ea6697f14e85f01e1d0c006b6460cd110969578263423016232f407b40490eb5dfde4fbe02e47ac1e19c8db508b8fc0c7fea7a28920c0ad573165","ssdeep":"192:jKRrDP7WWP/8O+t6cjfwZVMLLmmGTA3P8JsRYJbwAzXJtMzZzINvOQpsLr6O:Y3MLLmmGTA3P8JsRWbwAzXJtMzZzSvO9","tlshash":"94d173236a5e2c46a05ed898efd09f4e261f41d7664f8c99fd80340d9fc89a48996f8c","first_seen":"2023-04-05T16:38:07Z","last_seen":"2026-05-02T09:36:27.376409Z","times_seen":506,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"54.cholteth.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hdtcode.com/event?data=\u0026id=10","fqdn":"hdtcode.com","domain":"hdtcode.com","tld":"com"},"ip":{"addr":"185.98.54.153","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","date":"2025-10-24T02:41:14.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hdtcode.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 31 Jul 2025 23:24:32 GMT","end":"Wed, 29 Oct 2025 23:24:31 GMT"},"fingerprint":{"sha1":"C2:B2:87:00:AC:13:7C:B3:BE:D2:30:3C:4D:22:F7:76:C7:10:A6:CB","sha256":"CB:B6:D9:33:57:92:76:E9:B1:94:81:E3:9F:A1:40:D8:3A:CC:C5:FD:71:6C:89:6D:58:BE:10:F4:3E:77:44:34"}}},"request":{"raw":"GET /event?data=\u0026id=10 HTTP/1.1\r\nHost: hdtcode.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://54.cholteth.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.23.2\r\ndate: Fri, 24 Oct 2025 02:41:14 GMT\r\ncontent-length: 0\r\naccess-control-allow-headers: X-Requested-With, Cache-Control, Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.23.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":43,"dns":1,"connect":18,"send":0,"wait":17,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kuolkoola.com/61900","fqdn":"kuolkoola.com","domain":"kuolkoola.com","tld":"com"},"ip":{"addr":"104.21.68.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://54.cholteth.com/index/d4?diff=0\u0026utm_source=ogdd\u0026utm_campaign=20599\u0026utm_content=\u0026utm_clickid=44c84s0wgcc40ocg\u0026aurl=https://backgames.ru/wp-content/uploads/torrent/Harry-Potter-and-the-Order-of-the-Phoenix-7565.torrent\u0026an=\u0026utm_term=\u0026site=\u0026allFull=0","date":"2025-10-24T02:41:15.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kuolkoola.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 07:07:39 GMT","end":"Sat, 13 Dec 2025 07:36:50 GMT"},"fingerprint":{"sha1":"5D:4E:87:DA:02:9F:04:8D:C2:0E:E1:F5:70:70:3D:9D:1E:33:4D:9E","sha256":"22:A6:32:7D:E5:0D:0F:A4:D8:0A:5B:A7:28:71:0E:64:D0:EF:A4:C9:5E:F5:D3:C6:06:E8:07:A2:95:68:0F:8E"}}},"request":{"raw":"POST /61900 HTTP/1.1\r\nHost: kuolkoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://54.cholteth.com/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 216\r\nOrigin: https://54.cholteth.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Oct 2025 02:41:15 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://54.cholteth.com\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-request-id: d22ee92de39a9249ebfadcad3eb85874\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nx-ng-name: front7\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y5c3LdmifzLK8TNQWhokqz8mXvjTlm29APTyGdEnxacwpeIZcTmDjn5y3jW40WxeEv6w%2FLYlOmB9mGsxgxax%2Bt%2BGZkvUHFXKTYTc\"}]}\r\nset-cookie: userid=2ce09d8f-0646-4b63-b613-bc15bc422d00; SameSite=None; Secure; Path=/; Expires=Thu, 24 Oct 2030 02:41:15 GMT\r\ncf-ray: 99361d37be675695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3237,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b5b35399bd8645c135a58e971f3f8868","sha1":"eed270d38c8e196c1e7ff6d59d9a7ab3ee61aa44","sha256":"e51ccb1a3fdcdd58415700051fba6b18a24f00c2cecfb57cdbc70db7dfc36322","sha512":"a5d7d2d02cc7a451f732d00f810ac30aeeb9639ae779fc0630f59b52e725f6c71346a9698a9272c1a80fd040bd64a86f920b5c2921db05a679753c5d36a9af49","ssdeep":"","tlshash":"c3619ddb26f9822f82c52ddbd7365c7d30259d98df4a4399efd7a417d4072344608388","first_seen":"2025-10-24T02:41:40.747425Z","last_seen":"2025-10-24T02:41:40.747425Z","times_seen":1,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":23,"dns":5,"connect":1,"send":0,"wait":79,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}