{"report_id":"d5d17b67-d671-4b49-a20e-5d3b4bea1d37","version":6,"status":"done","tags":[],"date":"2025-09-28T09:33:57Z","url":{"schema":"http","addr":"ctonidrimy.pro/dyqSXtm1","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"104.21.21.57","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ctonidrimy.pro/dyqSXtm1#0#1","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"title":"“Ze bestelen ons al jaren!” — onthulling van Gert Verhulst blaast uitzending op: elite woedend, mediamagnaat in handboeien!"},"submit":{"url":{"schema":"http","addr":"ctonidrimy.pro/dyqSXtm1","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"104.21.21.57","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-02T09:33:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"ctonidrimy.pro","ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-09","domain_rank":0,"first_seen":"2025-09-28T09:33:57.983436Z","last_seen":"2025-09-28T09:33:57.983436Z","alert_count":19,"request_count":21,"received_data":1350158,"sent_data":13155,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.pushmeback.com","ip":{"addr":"104.21.9.79","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-09-13","domain_rank":0,"first_seen":"2023-09-13T11:31:54Z","last_seen":"2025-09-23T12:48:23.931999Z","alert_count":0,"request_count":1,"received_data":61334,"sent_data":425,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"statics.hln.be","ip":{"addr":"23.0.161.72","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Belgium","country_code":"BE"},"domain_registered":"1999-03-11","domain_rank":794828,"first_seen":"2025-09-04T18:22:03.000944Z","last_seen":"2025-09-04T18:22:03.000944Z","alert_count":0,"request_count":1,"received_data":4186,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ctonidrimy.pro/dyqSXtm1","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"df5fd03735bcc8298a5a9f7afc2a048e","sha1":"6c5e2a0ded78f0a28af523568d6ce4c9978f1930","sha256":"f4ad9e0e1d6b752534b12531ccdd27c89cb2a3cb1e7b4160d2f20fb8620d1077","sha512":"fc58d1db70515111678ea9e581c3bda3760d76843c54b339b7af3cd38ec815a7ae207e589ca6704fce914a8ddd98da332e7f9f6aae5f639fc479b36bb95f605e","ssdeep":"","tlshash":"93d023f843160c43182515135bd39392d1bb09bd0048400cf5de53d5dfe1267770d790","size":228,"data":"","first_seen":"2025-09-28T09:34:01.47224Z","last_seen":"2025-09-28T09:34:01.47224Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/dyqSXtm1","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"87085ddbd203e8aac4e3771673718b60","sha1":"3a2046864aa719fbe6998e5ff5770e81bbf60cde","sha256":"4694f6ab070ba67c087dfc3a1eab519ecdfc887ceb086b726fdeb97bd33a8dbe","sha512":"bd1d913a0170da637faacc6cba561c675793561e102c475cde9efc5c856af2d038509fc78c1174924900a63707169bca1c75f1ae6af0db747794c65d06438ffa","ssdeep":"","tlshash":"35f08c2e53a79700e22b5008db2a85092a62490f3ec19f667c0ea4401f9081dc0eebc0","size":560,"data":"","first_seen":"2025-09-28T09:34:01.475342Z","last_seen":"2025-09-28T09:34:01.475342Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/dyqSXtm1","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"80e7173b722326d7b00b439279c59ce3","sha1":"bbf4b94ce74a9b71c31b2af9288b316d6eeb7a0c","sha256":"05f3a9a0e872ca131106b5fa98f2e587c1949cc81116092451fb4fb2a0212937","sha512":"8825f9768790fe884fd564440943520f9385cd56135dc38838596b73ab8f1ad141f4c2a6f4a2e5335a951729ab269b74af058ff133831e73fd2e4b24b86e38f3","ssdeep":"","tlshash":"2cf08c1e53a79700f2275008db2a85092a52490f3ec19fa67c0ea4401f9081dc0eebc0","size":592,"data":"","first_seen":"2025-09-28T09:34:01.47834Z","last_seen":"2025-09-28T09:34:01.47834Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.pushmeback.com/push-server-init.js","fqdn":"cdn.pushmeback.com","domain":"pushmeback.com","tld":"com"},"ip":{"addr":"104.21.9.79","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f45aa50109732ef53ba3ad1ff070123","sha1":"41419b9a69cb336505ac51e29e42f97bf33e774a","sha256":"524a74674e015c1259876fe7cc0910bde5a920d98f2ffd893125747c1f97fcd5","sha512":"cd00626d5e99f935325db48569abad1aaaabb937607c5d7526c290f7a1ef2809b0b15f87d6394d518c8be19351c71569b89647895163a13dc4aee0ce15456289","ssdeep":"768:o8LRMX2XCSHZoiVOR4cjACxALfaMfXWtumNSNBLJBmgKM4mQ3w0Ba8ai6CDBG/Rb:crEbXmVI1JkSz/mA1uXZJ1FNQ","tlshash":"a8431a857bf3b42647e714eb54772002b63a460c380e8064f3add9da6d6644ba6b7f3c","size":60370,"data":"","first_seen":"2025-04-23T18:06:44.935851Z","last_seen":"2026-02-24T12:51:05.9947Z","times_seen":95,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/dyqSXtm1","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"906c59214f389cb8136f1e5c63ba82a8","sha1":"d6e5dd90f2ad52e97f0e4e94010e69d7d4f13ffb","sha256":"ec2d57e85912eaa4e94aa6bb80a1bc529e454b1446f2b75ac0d854ebbe9d4d8f","sha512":"3c55c99af707121032ece54d60bc92fb984a1ee140c382a68a9cc248104678a7adcf28187849db5490d75cd9ec09d76f4d2be06bb91a8300a97083bc476db040","ssdeep":"","tlshash":"6961bbae52f330215a77b03e4b5f622435394057280aee017d4cd2949f99b3d52b9fdd","size":3196,"data":"","first_seen":"2025-09-28T09:34:01.481282Z","last_seen":"2025-09-28T09:34:01.481282Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"cf10e14d033265e65d2f0f2c29bb5548","sha1":"a2a42268481e3f41227af6ca373571de731bb55e","sha256":"6afcca17d2075a87fc7ce26dbe67a96ce6f6ebb14d5c7585640afdabd41fcdec","sha512":"e10c5e8b03d0f340ae4c15a15022445eabb8f1b78ec32b0384d0877038a38fe8f250b4951b4b3c39fcec2f49c055482ca842e45115e6b27aef9959de88b8416e","ssdeep":"","tlshash":"585000000000c0000c0c0c000300003cc0330300000000003c0000003000300000003c","size":10,"data":"","first_seen":"2025-09-26T16:27:13.167193Z","last_seen":"2025-10-10T03:21:01.158743Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"845aa3078301f7e260a2139ea4bbffb6","sha1":"79e4e27d4e0940064405e3925e2304d8c9e0a4dd","sha256":"744f758f58db97f4182c5b6b899f108a727b2aa80cd32dd5813815dfc22f1c46","sha512":"90b912ab97a1b1dc713754d9879a3e80977f64277169a727c33bba805657019d887c04d6e400999d98ef191dc3b588d25b964a22a62c92889cae2620b503ccf7","ssdeep":"","tlshash":"585000000000c0000c0c00000300003cc0330300030300003c0000003000300000000c","size":10,"data":"","first_seen":"2025-09-27T17:38:25.709431Z","last_seen":"2025-10-07T12:52:11.951401Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/fb-widget.css","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/fb-widget.css HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l8yu9eC%2FI%2BItrNFalYNxguCVoOWzzv%2B5XLVQ7%2BofdAGXAM4YjsQ5dkbTmq2N2qod7M05ZICDS1I78JTROc3phZ7K6BD%2FuU96Odxbrg%3D%3D\"}]}\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\netag: W/\"68d8ffe2-a3f\"\r\ncontent-encoding: br\r\ncf-ray: 98623d79293856c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2623,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"a817fef48a108016cfd5d159af2f9f94","sha1":"59144b22a3c803f6a43d4bfce345c62106f02e07","sha256":"28cceec24096067422fbb6178e2e254530090e31ecba657bc102a60083d42d04","sha512":"2e67708ca794bce2f9ee5c63efc56103db5f58f485054ed7c4967c841d12ef39f21825d57b400edfb6f68781591451a9951c80bf1328eddc6c57514e304a4603","ssdeep":"","tlshash":"3d51ee8506682184fd1bc05c3ca2ab12b15d46c2978ee9fa5ef0360c9d8e0c66cf3bdd","first_seen":"2025-09-28T09:34:01.404663Z","last_seen":"2025-09-28T09:34:01.404663Z","times_seen":1,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/reddit.css","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/reddit.css HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68d8ffe2-1674\"\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nvary: accept-encoding\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0Y3q4saOqZMHwFFwVq936SN9sEMw%2BSS6m8cKVgoEDUTMMwV7mSRf97%2F8Pvu3iOgHAb2ux4kGqqyEnwniKMfjHkxNbzJOLjC5B1vc4Q%3D%3D\"}]}\r\ncf-ray: 98623d79293b56c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5748,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"993fcbe605b2ebda487ca55b83511dee","sha1":"3c0a41a0b4827990a4e10e98b848aa557c195d67","sha256":"7ff86b9c271d9b5c4b3f9d6f57eba35e723393ae213a923dcdc1785517402848","sha512":"512c361ed2d2021785f835f8de15eeb5e8cce27bc471d380a25000bc55142c0c3c2e243645233ea314e80fe92f2970329dc747acbe39c870ace1b331c63f4e61","ssdeep":"96:ZLTuhNBbOjT87NT7OjTleNggrOjT01NNrXOcrJchACYMfulAoC3bOgxA9QY2Zpj/:Z/uLI85uliW0BzgntulAfYQrZpcFOlgw","tlshash":"39c1209342645901fe7258583ada6f56778d4403a28cdeed6ff0205ceee908285f2bdf","first_seen":"2025-09-28T09:34:01.410219Z","last_seen":"2025-09-28T09:34:01.410219Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.pushmeback.com/push-server-init.js","fqdn":"cdn.pushmeback.com","domain":"pushmeback.com","tld":"com"},"ip":{"addr":"104.21.9.79","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pushmeback.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 21 Aug 2025 10:47:10 GMT","end":"Wed, 19 Nov 2025 11:45:10 GMT"},"fingerprint":{"sha1":"33:58:0C:DB:B8:78:8A:D9:B5:C5:30:40:F9:85:CC:CF:B9:3D:CE:D4","sha256":"95:63:AA:4B:5E:DA:A2:D9:FC:2A:B4:75:CF:5A:00:58:B0:0B:CD:A2:60:44:C8:2E:05:51:D1:35:68:22:A2:DE"}}},"request":{"raw":"GET /push-server-init.js HTTP/1.1\r\nHost: cdn.pushmeback.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 22 Apr 2025 12:06:46 GMT\r\nx-rgw-object-type: Normal\r\nx-amz-request-id: tx0000096d4b82bf3be26f9-0068c3c493-b052fa56-ams3c\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, accept-encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NTqi9QO%2BlqqMzVbo0Ngone%2FVf9%2Fg%2BVVMi9BgYkg4%2F87UkAVqOju3J1vuMfAbBwg1UwLzRUizC9ZO%2BV6S0GSWDkJI9Ann4YDzFOeobCI7JqE%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"5f45aa50109732ef53ba3ad1ff070123\"\r\ncontent-encoding: br\r\ncf-ray: 98623d7a8bd256a8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60370,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (60369)","md5":"5f45aa50109732ef53ba3ad1ff070123","sha1":"41419b9a69cb336505ac51e29e42f97bf33e774a","sha256":"524a74674e015c1259876fe7cc0910bde5a920d98f2ffd893125747c1f97fcd5","sha512":"cd00626d5e99f935325db48569abad1aaaabb937607c5d7526c290f7a1ef2809b0b15f87d6394d518c8be19351c71569b89647895163a13dc4aee0ce15456289","ssdeep":"768:o8LRMX2XCSHZoiVOR4cjACxALfaMfXWtumNSNBLJBmgKM4mQ3w0Ba8ai6CDBG/Rb:crEbXmVI1JkSz/mA1uXZJ1FNQ","tlshash":"a8431a857bf3b42647e714eb54772002b63a460c380e8064f3add9da6d6644ba6b7f3c","first_seen":"2025-04-23T18:06:44.935851Z","last_seen":"2026-02-24T12:51:05.9947Z","times_seen":95,"resource_available":true,"data":null}},"time_used":686,"timings":{"blocked":211,"dns":10,"connect":2,"send":0,"wait":258,"receive":0,"ssl":205},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/photo-7.jpg","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/photo-7.jpg HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 243706\r\nserver: cloudflare\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68d8ffe2-3b7fa\"\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jap%2Bis5a3CP1UaUPii6AB1XBqcLEmfs%2F1S%2FEKoyjwqN7W0sy3jFTNnYPGkMB5ggvk388j2JxKKzFyN8Xudj6gk1Kky%2BOTMZfKG2f6A%3D%3D\"}]}\r\ncf-ray: 98623d79294556c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":243706,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 962x983, components 3","md5":"4008b2e15f45218043c9c6be4deb422b","sha1":"f79671f8687a4d92370b746a8cf26c4c18f8393a","sha256":"2f3012d71fa7bc989346007133e884362c38c8dcc2ddd62dbf0f7615981d6852","sha512":"05756dfc0e5a07360d4c88db6a8ca0a75267f418b5a064ce455100c76221af289e479cfe107c528cd80b74897ec60265cd8ac0d2bfb4c2ff58262d698f307f13","ssdeep":"3072:OAZUduKFFn0K5ralTpyBdvx327xq7yenJFjla9iQSVFbY1UNHq11A6Hg8:OFQKFF0uM7rWL8EQSVFc1B1yz8","tlshash":"fe34bd34f7d3db20578f406e94bc3d3ba70981e492e46163159bae26b14efb58a1313d","first_seen":"2025-09-28T09:34:01.418462Z","last_seen":"2025-09-28T09:34:01.418462Z","times_seen":1,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/photo-22.jpg","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/photo-22.jpg HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 431430\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68d8ffe2-69546\"\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NlPc7QXMwobIoq%2FnyxKAlSWfS%2B4r4hCAccuIZrzcgB669YaU5C4ObpSSYIYusPvFscYXmvPG%2FrUvVH7gkN2aq6HbmXXtvnmMG3z4ug%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 98623d7c7ce90afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":431430,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1067x600, components 3","md5":"187b83afbebe828303e5fdadc03c4ecf","sha1":"3be1622d0cc521b9ce9e9a9ff5ccafeee8a47c3d","sha256":"3717169b318500b7ee18668ef93e270a4f9d8573eb97a512af58114e5a19b702","sha512":"54e7ddda97956aa155ca1ed4cbf2801dee95d6b85f9b9c23fcb37c83170774e9b19ccc902504464dc29061fb061bd32c3b25f37292a74dbef63b0a14ba88f8fd","ssdeep":"12288:+sKhcUUVjhnTAeZd3Yh/UDQYyzFsDzWLcBGOyZGNdH3Mr:qhoVF8QdohpvzF0WIBGj4cr","tlshash":"829423a482d7d39b9a2f83b4a02289fcd5236831d5db3ce41b8119c5da51ecaccde5f4","first_seen":"2025-09-28T09:34:01.424064Z","last_seen":"2025-09-28T09:34:01.424064Z","times_seen":1,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":59,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/dyqSXtm1","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-28T09:33:35.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /dyqSXtm1 HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:35 GMT\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bbeZNSnIx0njkB2cKHh1a4T3G6Hqac6M%2FgddE6jPhRu0OSmSKb7jtaWjJo8ypOKquXhLnseD3Njw1uLKgd7K1YrP2zlRdORtNyLuRA%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: e3b0c4_28=psu9rs2ua3nep; HttpOnly; SameSite=None; Secure; Path=/; Domain=ctonidrimy.pro; Expires=Mon, 29 Sep 2025 09:33:35 GMT\n_token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; HttpOnly; SameSite=None; Secure; Path=/; Domain=ctonidrimy.pro; Expires=Mon, 29 Sep 2025 09:33:35 GMT\n_subid=3gfdoco.1c.fmhv; HttpOnly; SameSite=None; Secure; Path=/; Domain=ctonidrimy.pro; Expires=Mon, 29 Sep 2025 09:33:35 GMT\r\ncf-ray: 98623d78387d56c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":132828,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2567)","md5":"cf469e3e1b01ed07954c49d42baeb63a","sha1":"ea1b687027ef04132ee69adb122b6e908263e475","sha256":"789598ad9fddd5d9e3b0c8b3a9c0b67f449f4866a269a617193e507716a7698c","sha512":"e11d1c0c8710754fefc2d03d1892dbb6c1b42534f85c4cd1cfc480427ba5ff9bce17c0d89b99056d1b6f78f0808d4be2cf0fa2c409af8daf62436e89c18661c3","ssdeep":"1536:JsRFzRs83WSSFOx8yghl0yyPLjjoFqZbV1e2dVVXt+wnvsmOPXsKzyco+MZXGyOI:6blfTVXXhDwygDoHO4lXFUe","tlshash":"d2d3f86150f226771183a3965a671b27bfd2c01bcb46e70dfaed83949f87ed2848358c","first_seen":"2025-09-28T09:34:01.428936Z","last_seen":"2025-09-28T09:34:01.428936Z","times_seen":1,"resource_available":false,"data":null}},"time_used":678,"timings":{"blocked":298,"dns":1,"connect":2,"send":0,"wait":82,"receive":0,"ssl":294},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/check.css","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.548Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/check.css HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68d8ffe2-15db\"\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nvary: accept-encoding\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kvaw5uCgXO%2FoxoeMfBUuCm%2Bhkp%2B%2FN2f84Xyqh%2FqP2QWY%2F45PljD4ysItm4iYxURrfQcx%2FnxQcjq9gJ1e%2Fw1aFeVh55xX3Zyv%2BN%2FbNQ%3D%3D\"}]}\r\ncf-ray: 98623d79294156c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5595,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"79cd33a766e7311faa107737b5409276","sha1":"e96945a393dfbf80f6cf3b51025cf30442180d1e","sha256":"fa2913d54967fd92892c873dffe9875e3ce353cf53837de31cfb4b8673798711","sha512":"0369ca9d18182a3251fa23b7e73bce09ea47909b56db503b99d20da7f5d8c15a0c0f76b09828108ae90296edbd869016f7ab3ed93b2048d119333a31cc725960","ssdeep":"96:CVOjMjOzVW52bay5F55/X5SEJsrSC/roJqJCIJ5mbyk5+X0vki1FNWS9MmCS:C/h52bay5F55/X5y/rVC25mbyk5+X0vX","tlshash":"adb1348e9db60004e96f1875baa627463274d0075f4dde5bbdc2a428cf493a11af3bcc","first_seen":"2025-09-28T09:34:01.436594Z","last_seen":"2025-09-28T09:34:01.436594Z","times_seen":1,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/delivered","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/delivered HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:35 GMT\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xsDidoi4pRLucnaEgdZcQmnqHcAtgRYAYC%2FStl9VudJk%2Byc7FPWQpe28G%2FKyAD3GgozT1zyS58pZBWdF7MX1vUe92KaaJsFnycV6Ag%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 98623d79294456c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/delivered","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/delivered HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7MA%2BhnkMzaAusZMq7Du96%2F6qXVefNCsgHH1Pl0%2BoA%2FZJukGS9Nkz0L22aI9%2BpKcrf%2B13Cb5ddBmHY77DbEGXzaNRuPIZGRPxMEndQg%3D%3D\"}]}\r\ncontent-encoding: br\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:36 GMT\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98623d7c3ce30afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/Stag-Medium-Web-8fcbd0fe6b.woff2","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/Stag-Medium-Web-8fcbd0fe6b.woff2 HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/main.css\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:36 GMT\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E24IOU7g7wiOvuOQQQxQoBNLJyyr0WL0FJZ%2B4FHdJxVNgaJlR84mPMVfDlKuL25XQQs5CtMO2DyxIbVkMPHD8ncmRgh%2FM2ONF9GazA%3D%3D\"}]}\r\ncf-ray: 98623d7c6ce50afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":66,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":65,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/favicon.ico","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: text/html; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NCR9ie%2BnKAUSbt7bGktCC8w6sC6YDrd02mfO24R%2Bczcu1O07N9P5VA1ab5oEACAaBgdewJtA%2F%2BgZ%2FpRspf%2BWmpQO%2BB3ZEGfQMkuQgA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-cache-status: BYPASS\r\ncf-ray: 98623d7d3cee0afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"9d1ead73e678fa2f51a70a933b0bf017","sha1":"d205cbd6783332a212c5ae92d73c77178c2d2f28","sha256":"0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5","sha512":"935b3d516e996f6d25948ba8a54c1b7f70f7f0e3f517e36481fdf0196c2c5cfc2841f86e891f3df9517746b7fb605db47cdded1b8ff78d9482ddaa621db43a34","ssdeep":"","tlshash":"a250000c0003c3cc0000003030c0000000000300300000300000c000000000000c000c","first_seen":"2023-03-08T03:03:03Z","last_seen":"2026-04-04T06:47:36.59143Z","times_seen":69225,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/swiper-bundle.min.css","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/swiper-bundle.min.css HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68d8ffe2-481b\"\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nvary: accept-encoding\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b7f%2Bdl9PQET3khy3vYkQGwUgD0cS6afhvrddY6XLrDucONRA2exvD4B7e%2BvrSeKXbfV1hMpK0MesNp6wtmn1Xnfx%2F6BLlhrtnDr8hw%3D%3D\"}]}\r\ncf-ray: 98623d79293d56c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18459,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (18199)","md5":"93df2093eb0524cb7734eff5b284e87b","sha1":"148acd6fafd616a989adbc233bc44c34ece886ce","sha256":"8b35c6364fba567362c8d577bc907a05f69de0ed074fc038b821c9392d91c215","sha512":"0619f1b85d1c7b8e15f5a237f8866f44c7314c8fc61d8ee1f5a844eae2374940a3846615f977c5fb78442ca5ed26dbeb34639b375ee7c59fd17a86b09bbec73b","ssdeep":"192:LjmUJbiKne5JTLdKSme+jeF474nQ7p/l2GZb0Q5RfufKDvAYfg5faeesedOJxbpy:LCUbe5JndKW+Sa0ni24tnWfz4eNi","tlshash":"a88256a45350182753274f374bb1cbb9e97444c24f9389ae91c0ee58d7facb9132f2a9","first_seen":"2024-09-13T15:02:49Z","last_seen":"2026-04-04T01:29:48.080422Z","times_seen":900,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/main.css","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/main.css HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68d8ffe2-b595\"\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nvary: accept-encoding\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NYvmTp7f%2BtwSqJhO1zzUh7tSoVGJnMN3CjvB4gdw4d3DPR%2BLO8GQVgFtPXgOOym3kmgWSEqWU1WSK6BwdczamoYS5S9o88S5cpS2Eg%3D%3D\"}]}\r\ncf-ray: 98623d79293e56c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46485,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"e65f8e01864ee39920c83478ae8d4e59","sha1":"6c86d0d4a8d5a116d7a69dfdec9c36e6214b8694","sha256":"43ecad4492cd3fad674e43d47624cb94f41d1072d6864e185b36049f6e390784","sha512":"cdc2b38394fa52534d9c652a80dfb50ddeb1894a176faebe6c2a1b75e2dabb096ba3b60e99bb6dc39b1960114844751a23c81973880c6f54ca1e29b3f6fc71cc","ssdeep":"768:mwenF2FuF1FuFJrgtZF1FoFhuFGADK2FKFc3XhBhS2q6EJ3GxbVFcFcWF4F1YxSv:m1nc8b8TgtZbK7uwADK2oi3GYBVmtinZ","tlshash":"042383829af21a04a01f7c96a49b8715a32c905bd11fde59ffe0110cef8ead56137fc9","first_seen":"2025-09-28T09:34:01.450325Z","last_seen":"2025-09-28T09:34:01.450325Z","times_seen":1,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/twitter.css","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/twitter.css HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68d8ffe2-167a\"\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nvary: accept-encoding\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8t%2FW6ke5m94SBX03%2FpftZLhYwH8qTgzDntkwOBh7ZUozAGpPOuilhrioVcGbNz%2B5qEB75XdrOa6fS1uyQEOYN9uV7IPyy7ExHzStEA%3D%3D\"}]}\r\ncf-ray: 98623d79293a56c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5754,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"d0be1a16fa5eeab2d8bd086672edb201","sha1":"e9f80247c45e29bb9271d605b8ec8f49dc95a721","sha256":"0110a5088496ea8e8bd63c0af0a0514c62e702fecd05c12249ab9e257498af15","sha512":"561849316327501ef8d4528649a02b8c7b1cfac828d629f1d262d2702ef4212ddde788b31c5d288fa20648c7e857327d3a8d7e4d6537d4aa197e933c131b93f0","ssdeep":"96:ZLTuhNBbOjT87NT7OjTleNggrOjT01NNrXOSrJehACYMdulAoC3bOgxO5QY2ZjFb:Z/uLI85uliW0B9WnvulAfqQrZjF+YJ1/","tlshash":"d4c1508652641900ee7268493ad65b563b4d840bf14cedae5ef0108cdfe9582c9f2fdf","first_seen":"2025-06-19T13:31:12.274817Z","last_seen":"2025-09-28T09:34:01.454589Z","times_seen":3,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/pop.css","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/pop.css HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1byGWdmpWtepxvbd8f0ASvBKPSevFEOaV6PxlsIYfY80MfWcFWewGFdjdUTH0K%2BZbc3tuiVuX7iD9YCQGYayae7t90NSWybdeNSdCw%3D%3D\"}]}\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\netag: W/\"68d8ffe2-59a\"\r\ncontent-encoding: br\r\ncf-ray: 98623d79294256c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1434,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"deccdbdf1b529a584f9f680acd197879","sha1":"5384c5ccb7740584850e93ed93177e117a4621ba","sha256":"a68ff48d10d20711aa6105f5a347f8d46bc2bfa9839ff418548ceecf18c88e57","sha512":"9fdcf1d4ce32fa05817b9f26e848f860cda0c94c884e185e28bdef1a0c95ebacb3d8151aac6a07c3e8881f072d224fc7ab3c59d347ec02b51a81e118f190d374","ssdeep":"","tlshash":"f3211eade6258101a633edd53b625f9161884063bb0b4779bff01828f68886dd370bce","first_seen":"2025-09-28T09:34:01.457128Z","last_seen":"2026-01-12T19:39:13.705125Z","times_seen":2,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"statics.hln.be/img/plus-logo-3e2e2245b6.svg","fqdn":"statics.hln.be","domain":"hln.be","tld":"be"},"ip":{"addr":"23.0.161.72","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.hln.be","organization":"DPG Media Services N.V."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 21 Apr 2025 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1B:7D:BB:A1:DD:F2:6C:E1:66:20:92:4F:5D:D1:F4:01:B0:BE:B3:94","sha256":"86:FB:EE:CF:EE:13:F7:55:FB:FA:4B:A9:3F:B2:75:CC:22:8C:8A:D0:D6:2E:D7:01:C0:DB:B3:8F:BC:2A:D4:9E"}}},"request":{"raw":"GET /img/plus-logo-3e2e2245b6.svg HTTP/1.1\r\nHost: statics.hln.be\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: pGFd5NTVADhnG6Zlmvz4lkXbqtSvYtF5uf1ngK1bZ+RbkdWCPddkhnFv/gpBD5MEggp5mCw6R74n1q7pcdICpNlUbfqOGk7KqLvmKh2yONI=\r\nx-amz-request-id: DBVG2HGK2K1WD56T\r\nlast-modified: Mon, 22 Sep 2025 07:48:16 GMT\r\netag: \"3e2e2245b626ca9747915f24674a73b6\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\ncontent-type: image/svg+xml\r\nserver: AmazonS3\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=7933\r\nexpires: Sun, 28 Sep 2025 11:45:49 GMT\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-length: 1425\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3621,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e2e2245b626ca9747915f24674a73b6","sha1":"33aa134bf29adeb363f2ea838b9f6df563255f66","sha256":"a27f588aa9d1dc7488e2c7f61ca841f137740735695e18f0ed2481e916f3bb4d","sha512":"37b98a656e6f37372d26245d4fe2f80556019889842375adb5d7c374474a3d8a53b82e833d081e1e775a8b7c1878e024ef7760574daa8782bfadb76a4b2a0650","ssdeep":"","tlshash":"ff7162dc83b90a71f4ca93dd97b572672a2901fa36b14ec8face0d152f234ee5056842","first_seen":"2025-09-28T09:34:01.462069Z","last_seen":"2025-09-28T09:34:01.462069Z","times_seen":1,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":37,"dns":27,"connect":1,"send":0,"wait":3,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/StagSans-Medium-Web-1db4220319.woff2","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/StagSans-Medium-Web-1db4220319.woff2 HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/main.css\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:36 GMT\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hey71F6q3itf3WN0HPCUHBtGR%2FtRfMJcvM0t3xgb258Bql5rIGxxypVMQ2exrm15gUvEVasxHAg%2F919Y9FLLAkiHG2DjSnAbXOYx9A%3D%3D\"}]}\r\ncf-ray: 98623d7c5ce40afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":66,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/RamaGothicE_SemiBold-webfont-38b3737434.woff","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/RamaGothicE_SemiBold-webfont-38b3737434.woff HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/main.css\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:36 GMT\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8Ix9f7UrtFOy7PmSPobhY9Z6cQw31dQmdz8vFjSX2%2F%2BAQFi7url9l7NjCh%2B9SHjILN3vdR0MpfZC9qSIbjcqqK3lT0dkaKcMyRDBOg%3D%3D\"}]}\r\ncf-ray: 98623d7c7ce70afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":54,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/photo-1-44.jpg","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/photo-1-44.jpg HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 425993\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68d8ffe2-68009\"\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=APPnifwoNK7r2V%2B8nzAdsYyn6j%2BojZ9WP9%2BvFY6cLcelQXT9%2BLL807fMCd0LCG2qrpb5D6jkJ7ubucnViBGAJVQUZsaE3N9mnOg%2BHg%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 98623d7c7ce80afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":425993,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 900x600, components 3","md5":"93d79a0d236c04faa18ca2343f8d56a4","sha1":"5d757e1af6cd748a680781cab694938a8e7ceea9","sha256":"723a6d24486cfb2e504ef301a3d0c32b60df55288599432c47e08bfe0e17cc7f","sha512":"1af0f0a194ec96e5dc5d196c22afa66ee22f8cdcbb4929c27e8ba50137086180d0a6d2c129a11e1dd969a45a624b26c8894b62ca3a5f8e78ac16cc867f7a2e00","ssdeep":"12288:eCgiX5B3S11V/4bJB82EyMGDs6nWkRjHfAgVYAbt7RBZ4:DvJBYVgbJdj/5R/AgVYeXBZ4","tlshash":"c39423b90b3441e2f2bc77ba966b8a56682b95923ad303036bd105b7f0dd5f64c2d43c","first_seen":"2025-09-28T09:34:01.465192Z","last_seen":"2025-09-28T09:34:01.465192Z","times_seen":1,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/un-style.css","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:35.548Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/un-style.css HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/dyqSXtm1\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:33:35 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 28 Sep 2025 09:29:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68d8ffe2-3df3\"\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nvary: accept-encoding\r\ncache-control: max-age=120\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nj9wXal13YbgcPTOcs1bLI%2Fb3d951sc3QZiK6GqCph%2BZGKZVw3axuFaNZGthTTmVSIjI1sCNgsFdqZoAUz4w2yweswbBoVg6X6LE%2Bw%3D%3D\"}]}\r\ncf-ray: 98623d79293f56c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15859,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"e6939549aaf4aea9dfbde44767a02c01","sha1":"19ded375568819eba9f80334ec530ad45eb77843","sha256":"66ed8145bd06369e5f041d5a1c099e00eb3d1d048b0661510d3c4ffb04f2c254","sha512":"b000faf0e3fc8319c0794b0f435e30e8dd1ece1055045a963ae69ed440fa44a056ee248ecd0ed640598bff4678ca876a51fcbe2d892716f98f1b9cfbd00d473a","ssdeep":"384:IO7PF1FIsH1WrjAoLQGrHeZQPLGfySLLsZDK4dktEnYiDWeGdDh5URSuHHOmT3EA:VrF1F40znltkc5W","tlshash":"53620f965eb33d89b86f649baab6353633543743924eda76a8c0305cdfc87f10522b4c","first_seen":"2025-09-28T09:34:01.46916Z","last_seen":"2025-09-28T09:34:01.46916Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/RamaGothicE_SemiBold-webfont-19cfcf449a.ttf","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/RamaGothicE_SemiBold-webfont-19cfcf449a.ttf HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/main.css\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:36 GMT\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KC1My3qexQEkdoMa5LckswJWU1RShCC0YGOrYj80Y3fRmvQeotl65DK%2Bt8nEH9mYEs72Ir1FwFiGed0opbdBisX8d0XfgROsK1gs4w%3D%3D\"}]}\r\ncf-ray: 98623d7cdced0afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/Stag-Medium-Web-283697c190.woff","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/Stag-Medium-Web-283697c190.woff HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/main.css\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:36 GMT\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BAwx1kZ0kJH%2FFL6IYgCttNzhIxWxu1WdFTld%2BQQHYwkROJFRaFivm%2BEMPRvLL%2BBMyJ%2BPsYv55jpg3J5o5rDEaGuuDwAOekSag5vLRg%3D%3D\"}]}\r\ncf-ray: 98623d7cdcec0afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/StagSans-Medium-Web-cfa6d8a4de.woff","fqdn":"ctonidrimy.pro","domain":"ctonidrimy.pro","tld":"pro"},"ip":{"addr":"172.67.196.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ctonidrimy.pro/dyqSXtm1","date":"2025-09-28T09:33:36.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctonidrimy.pro","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Tue, 09 Sep 2025 09:33:48 GMT","end":"Mon, 08 Dec 2025 09:41:01 GMT"},"fingerprint":{"sha1":"90:5D:DD:A1:BC:BE:13:B4:20:0B:49:FD:0C:9E:B6:A7:FE:65:33:B4","sha256":"CC:76:AF:0C:9D:DE:4F:98:7B:56:A5:52:77:50:F0:5D:18:33:90:1B:92:1A:39:94:68:6C:C5:42:5C:C3:32:A9"}}},"request":{"raw":"GET /lander/be-gert-verhulst---nasty-v2/index/StagSans-Medium-Web-cfa6d8a4de.woff HTTP/1.1\r\nHost: ctonidrimy.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ctonidrimy.pro/lander/be-gert-verhulst---nasty-v2/index/main.css\r\nCookie: e3b0c4_28=psu9rs2ua3nep; _token=psu9rs2ua3nep.1759138415.1.01e930f87e4d084f67c03ab620c3ed81; _subid=3gfdoco.1c.fmhv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 09:33:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Sun, 28 Sep 2025 09:33:36 GMT\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0qFtkx%2B0omtGsQTIdRGC6tEs%2BRsjR28chU%2FGntX3bXVxoh2yxQ8Yne%2FTtQ4XBPQv1MkeV4p8m%2BSeob3diswvktItm2gbBXtdc8cdYA%3D%3D\"}]}\r\ncf-ray: 98623d7cdceb0afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ctonidrimy.pro","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}