{"report_id":"f622ac7a-98aa-4187-9c10-9120a0c74f33","version":6,"status":"done","tags":[],"date":"2025-11-07T06:38:17Z","url":{"schema":"http","addr":"korlidon.com/click","fqdn":"korlidon.com","domain":"korlidon.com","tld":"com"},"ip":{"addr":"104.21.49.74","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"korlidon.com/click","fqdn":"korlidon.com","domain":"korlidon.com","tld":"com"},"title":"korlidon.com/click","dom":{"size":17987,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (17987), with no line terminators","md5":"61bc25cd7ef4adcf8b011f0c5ad0783d","sha1":"4f165fbe6feff1330579f46b99f4b1fa305fac75","sha256":"4550f0b8251ce2bbd1830f93ece45b38b2963e37f98513b69d318e08d5f0867a","sha512":"d168915e2370a17b808d3815bda2d4b9572454df55e7399dffd4f93a210ffb33e246f276d4f92776bbfe94386d7ac1c6580ddc9aded86632a21a3e4d04fd6aab","ssdeep":"96:H5rsD0r6pV+CZXUgpk5POtQwb/4P4lHFjqGZaSTCOu:SDH9XJ4P4lHFjPO","tlshash":"ca828ee17dd29c38f58516c8f0b1ee29a1d3f68bdce3d884e9d411f827caa94750d1a8","dom_hash":"domhashe3d1684b07959ae004e6bee0958c6cc1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"korlidon.com/click","fqdn":"korlidon.com","domain":"korlidon.com","tld":"com"},"ip":{"addr":"104.21.49.74","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-12T06:38:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"korlidon.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"korlidon.com","ip":{"addr":"172.67.160.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-23","domain_rank":0,"first_seen":"2025-11-06T09:34:12.743238Z","last_seen":"2025-11-06T09:34:12.743238Z","alert_count":2,"request_count":2,"received_data":1265,"sent_data":888,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"korlidon.com/click","fqdn":"korlidon.com","domain":"korlidon.com","tld":"com"},"ip":{"addr":"172.67.160.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-07T06:37:54.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"korlidon.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 11:29:13 GMT","end":"Wed, 21 Jan 2026 12:27:56 GMT"},"fingerprint":{"sha1":"9D:F4:B6:26:67:02:50:6D:C7:21:26:CB:28:C0:6D:2E:6B:D2:6F:69","sha256":"5A:4A:C6:09:20:9E:8E:91:99:6F:2B:EC:A9:FE:8E:DB:E7:0C:D6:4B:8F:E3:55:98:46:FA:A6:3D:A1:8F:B4:37"}}},"request":{"raw":"GET /click HTTP/1.1\r\nHost: korlidon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ndate: Fri, 07 Nov 2025 06:37:54 GMT\r\ncontent-type: application/json\r\ncontent-length: 26\r\nvia: 1.1 Caddy\r\nx-request-id: e7d5989e-6bbc-4e4d-a063-a1ed6dba692d\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C1Iq06n8R880UST%2BrsmoZmsNvdw3xUuaMpV6uzQ9uSnIcVLG56BSicLUuUf%2BvGq%2BNu7J%2BkSbsYGL8yLRT7edTUxY%2BXMVvNXIXcE%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 99aad3215fa056c4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view","magic":"JSON text data","md5":"9b4984d6a76539ed57c35c80f215ff29","sha1":"46abac68f264ab7091a81bba093274e0be9d99c6","sha256":"808ca291a754ae302bdc04b80782ccf2072d28e120aaacecc49a69904153b5c1","sha512":"6b82b0af87f1167411517ec5ab863664b0bd9c3160c73d14ef485f2e361eb9e1141bff7861733749bd0c47a8d70725b8a63bd7a0d6f073d3681db07514122db6","ssdeep":"","tlshash":"208000ba02803c8c83022802b880aa20002080c0308820b30028088a0208c2a0002ac8","first_seen":"2023-05-12T14:27:02Z","last_seen":"2026-06-13T05:50:58.63349Z","times_seen":558,"resource_available":true,"data":null}},"time_used":352,"timings":{"blocked":71,"dns":49,"connect":1,"send":0,"wait":209,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"korlidon.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"korlidon.com/click","fqdn":"korlidon.com","domain":"korlidon.com","tld":"com"},"ip":{"addr":"172.67.160.167","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-07T06:37:55.159Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /click HTTP/1.1\r\nHost: korlidon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nDate: Fri, 07 Nov 2025 06:37:55 GMT\r\nContent-Type: application/json\r\nContent-Length: 26\r\nConnection: keep-alive\r\nVia: 1.1 Caddy\r\nX-Request-Id: b51b74e8-72dc-4bab-bfc2-0ff05ad87c2a\r\ncf-cache-status: DYNAMIC\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dQUndpTXaQ43AdHbr2toLlcLNnc9djzTKupChurP2%2F0EH%2BbLKrgUEiKdLvNK2yf9Qm1t3uDCB5en09DZSkx4Iq%2F41Y4Fe3NqjjPF8A%3D%3D\"}]}\r\nServer: cloudflare\r\nCF-RAY: 99aad323bda776ef-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view","magic":"JSON text data","md5":"9b4984d6a76539ed57c35c80f215ff29","sha1":"46abac68f264ab7091a81bba093274e0be9d99c6","sha256":"808ca291a754ae302bdc04b80782ccf2072d28e120aaacecc49a69904153b5c1","sha512":"6b82b0af87f1167411517ec5ab863664b0bd9c3160c73d14ef485f2e361eb9e1141bff7861733749bd0c47a8d70725b8a63bd7a0d6f073d3681db07514122db6","ssdeep":"","tlshash":"208000ba02803c8c83022802b880aa20002080c0308820b30028088a0208c2a0002ac8","first_seen":"2023-05-12T14:27:02Z","last_seen":"2026-06-13T05:50:58.63349Z","times_seen":558,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"korlidon.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}