{"report_id":"2a1bc010-57ee-4b9d-87ea-188921873a04","version":6,"status":"done","tags":[],"date":"2025-11-25T18:07:41Z","url":{"schema":"http","addr":"mpk13.cc/","fqdn":"mpk13.cc","domain":"mpk13.cc","tld":"cc"},"ip":{"addr":"104.21.1.137","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kra46l.cc/","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"title":"Just a moment...","dom":{"size":23014,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10956)","md5":"bb0c0eb3fa493b1285c99c4a429fce90","sha1":"37b1f3c14b9ccd24e00aee17b034f0216e82ba76","sha256":"880acd9d6f670f2df8add67897b3d5a3a18e888a29cff103b1f704f62a459cd6","sha512":"c716aec32d2993f58b0bc7bdc0d95109cd8baef52a686cb68a7dfd5ff19b8d437de1a8177b6aae1ff87e002bd21cfd20fd85ab941b2226af3f3cc0546e65c051","ssdeep":"384:D21nb92GgAHLg6Okw+u0ekoorlzSZ2malpaVYcKty+NNv/:WEGE33lortDmalpx","tlshash":"f6a2f82341d405b9b016c3e993e5b59ab5324517af92b427f29d0ab1cfc84ef2763b8c","dom_hash":"domhash7f0b0d2ffe5ac083c75f674467c4f4c7","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mpk13.cc/","fqdn":"mpk13.cc","domain":"mpk13.cc","tld":"cc"},"ip":{"addr":"104.21.1.137","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-30T18:07:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"mpk13.cc","ip":{"addr":"104.21.1.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-28","domain_rank":0,"first_seen":"2025-11-25T18:07:41.665101Z","last_seen":"2025-11-25T18:07:41.665101Z","alert_count":0,"request_count":1,"received_data":945,"sent_data":477,"comment":"","tags":null,"fingerprints":null},{"fqdn":"kra46l.cc","ip":{"addr":"104.21.25.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-27","domain_rank":0,"first_seen":"2025-11-25T07:20:49.434662Z","last_seen":"2025-11-25T07:20:49.434662Z","alert_count":10,"request_count":5,"received_data":55416,"sent_data":3948,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kra46l.cc/","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"ip":{"addr":"104.21.25.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a1edc37c8e3ac768dd33e2d4cb42cafe","sha1":"18a8b4436ac3a7c43c4e0a4b0447fa0a0c4326f1","sha256":"5e65b7779aa16aca85d3187a963ac1ecad9ce623c7df36c7fb315b00fcb2c6a9","sha512":"02b5bc7079232b511de90c8d5ac447721b96a1472138cf0e9de274ba3d895b52e4e781a05812ce8f32a30a3822c9240cc7fde176731d9a04a76cf7a3ac352e36","ssdeep":"","tlshash":"899002a359b1509b87265a14524671122b260971870e5717155a0a718574744e941b55","size":57,"data":"","first_seen":"2025-03-07T11:01:59.145819Z","last_seen":"2026-04-04T20:50:22.824063Z","times_seen":643,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra46l.cc/","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"ip":{"addr":"104.21.25.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5395242a0bfb4fd0959fe2d970527657","sha1":"37b508997b5cfb014d544f49c1118c9efe1eb488","sha256":"9075900ad1e7f61a99bd147150afec571bd67ecbe842c694d338eb7c7f3279b3","sha512":"c3195da87f6da9ed0cc393075d8a4353176d13034b9d7774c90a80504d547ee6cb3f5ea3ed8ee522f8610242fc751df25dafd9e92cf70f9ccca19ede943ee58a","ssdeep":"","tlshash":"8090024585867151d432257441ad50a0416854016c1dec12210c9c210d4032b5d44291","size":53,"data":"","first_seen":"2025-03-07T11:01:59.148941Z","last_seen":"2026-04-04T20:50:22.824812Z","times_seen":797,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra46l.cc/js/connect.min.js?2","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"29c4ba7fb65e126d67e83eebb3cb9f77","sha1":"cec66dbdffbe1bba785c2493653ea2cf5c679fd2","sha256":"289ef8dc3f79e4a5a72dade93e56df66c1ae377319548229b0856bdbe4d49e5b","sha512":"b8e2eed0c29b0e9e472483fbbb2c73eb3ef916ff9d1cca4331b25bd9da97995250a16dc34554a7f85fe17fa9644cd04dc2d8f0325c3803c245c4fca3f6a0725d","ssdeep":"","tlshash":"351127551e3872e413874ba46e2b759ce599d8b73896280b20307ca63f04ef4faa3670","size":1000,"data":"","first_seen":"2025-08-03T06:18:45.569462Z","last_seen":"2026-03-16T13:31:08.308188Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra46l.cc/cloudflare_captcha_frame.php","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"ip":{"addr":"104.21.25.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5c44a1351b676d21630ad494130fc92e","sha1":"71e23457ad44c5dff057ca9780274cf03fa21d5c","sha256":"ad396249ae1173bfcb60b44b4eaa16814b8674c63161446b7300af7bfb5e2468","sha512":"a7ebe5f08f88ee21a0b398933313d5e70c4d616b3f194f5cbe573db6b954367bfd483234d7c2be477f68305cb9e292f30d966b203e89f8a2f027fc0624e4ec57","ssdeep":"","tlshash":"e5f046af3fb706750ddb96b238ba8bc9383294125981aa06fa3c4070cc21e933036dd5","size":580,"data":"","first_seen":"2025-03-07T11:01:59.146646Z","last_seen":"2025-12-11T13:00:26.353828Z","times_seen":93,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mpk13.cc/","fqdn":"mpk13.cc","domain":"mpk13.cc","tld":"cc"},"ip":{"addr":"104.21.1.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-25T18:07:19.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mpk13.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 11 Oct 2025 16:15:38 GMT","end":"Fri, 09 Jan 2026 17:14:22 GMT"},"fingerprint":{"sha1":"5B:C6:BA:B8:55:31:D9:C8:45:F4:E1:53:F7:7C:ED:27:0C:6D:6D:84","sha256":"5D:5D:0E:45:F1:ED:C7:7E:F5:D0:FE:46:9B:3A:A8:9C:C9:A9:29:AD:46:B3:FE:C3:41:BD:D1:04:7B:E4:79:4A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mpk13.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":945,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":34,"dns":17,"connect":1,"send":0,"wait":42,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra46l.cc/","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"ip":{"addr":"104.21.25.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-25T18:07:19.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra46l.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 11:54:34 GMT","end":"Sun, 25 Jan 2026 09:51:13 GMT"},"fingerprint":{"sha1":"34:A2:75:7B:24:6D:DB:25:59:7D:48:E1:67:27:68:C3:7A:2F:FF:99","sha256":"EA:46:0F:50:6D:F1:46:1A:3C:BC:64:D0:C2:1E:7D:E6:58:8C:76:69:EB:BB:56:85:E3:3B:51:CA:C3:7D:99:A5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kra46l.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: http_refererq2=https%3A%2F%2Fmpk13.cc; tor_scheme_id=1764224460; tor_port=9086; session_id=a216ca31fbd763e412b59685298691a6; session_id_e=f3ea126a8d8e4344f0037b0bf0a81426; connecting_hash_lite_version=1764094039; connecting_hash=2a43a0dcee78c67b034853415fe127f4; onion_server_id=10\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Tue, 25 Nov 2025 18:07:19 GMT\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dqLCR7R6X%2BjX3CSZLKJ0sYVPd07RhwTP0HTizz1gnaau2MSKmEKOEd0F2swQxAOagaKS1ddmMpXkcMNTgp9m8F22j9hkNL2WKg%3D%3D\"}]}\r\nlocation: /\r\npriority: u=1,i=?0\r\nset-cookie: proxy_cf_session_id=deleted; Path=/; Domain=.kra46l.cc; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:01 GMT\nsession_temp_active=1; Path=/; Domain=.kra46l.cc; Max-Age=5400; Expires=Tue, 25 Nov 2025 19:37:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: text/html; charset=UTF-8\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9a4315c3eb411525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14155,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra46l.cc/","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"ip":{"addr":"104.21.25.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-25T18:07:19.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra46l.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 11:54:34 GMT","end":"Sun, 25 Jan 2026 09:51:13 GMT"},"fingerprint":{"sha1":"34:A2:75:7B:24:6D:DB:25:59:7D:48:E1:67:27:68:C3:7A:2F:FF:99","sha256":"EA:46:0F:50:6D:F1:46:1A:3C:BC:64:D0:C2:1E:7D:E6:58:8C:76:69:EB:BB:56:85:E3:3B:51:CA:C3:7D:99:A5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kra46l.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: http_refererq2=https%3A%2F%2Fmpk13.cc; tor_scheme_id=1764224460; tor_port=9086; session_id=a216ca31fbd763e412b59685298691a6; session_id_e=f3ea126a8d8e4344f0037b0bf0a81426; connecting_hash_lite_version=1764094039; connecting_hash=2a43a0dcee78c67b034853415fe127f4; onion_server_id=10; session_temp_active=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 25 Nov 2025 18:07:19 GMT\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CgF%2BXeJaN3exzJsJWUV4%2BdU8GrvOuvzK7%2B73Ubwd6bzYY2tG1q%2B6oAdcMDALmH45iUTFycWrdr2oLlk1Cvsk1A4UNy00DKtkVQ%3D%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9a4315c41b451525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14155,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (6195)","md5":"58fb7b21681c0091ea1b395af9035c79","sha1":"8dc0907b5ab60d7b9491d63338ad840a1eb0c696","sha256":"9d60d912d2189995c0ed04e9617e131608a434b0154ad3600d6dae78f0a3440d","sha512":"b6cae4a5619ef694d85b947aa3a22da941da1e7fb1d9b490d0fa24799d0e12bdba78593d213f2b7f78002311eb8fb416b654834fdea1889ac7ee96e7b26ae23e","ssdeep":"192:X2JPnIy9h21lSmESaJkmW9DawuJXP71FlMgvDLW9s6g7KrgCStg5FRa:W0lVEJJkmKaZz31vDOs6g79CStg5Fc","tlshash":"37523a3b6ba2601c1843c6b534f56b8e2c30d407e6029768fe7f96514fd6e421e23b8c","first_seen":"2025-11-25T18:07:45.126976Z","last_seen":"2025-11-25T18:07:45.126976Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra46l.cc/cloudflare_captcha_frame.php","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"ip":{"addr":"104.21.25.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://kra46l.cc/","date":"2025-11-25T18:07:19.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra46l.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 11:54:34 GMT","end":"Sun, 25 Jan 2026 09:51:13 GMT"},"fingerprint":{"sha1":"34:A2:75:7B:24:6D:DB:25:59:7D:48:E1:67:27:68:C3:7A:2F:FF:99","sha256":"EA:46:0F:50:6D:F1:46:1A:3C:BC:64:D0:C2:1E:7D:E6:58:8C:76:69:EB:BB:56:85:E3:3B:51:CA:C3:7D:99:A5"}}},"request":{"raw":"GET /cloudflare_captcha_frame.php HTTP/1.1\r\nHost: kra46l.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra46l.cc/\r\nCookie: http_refererq2=https%3A%2F%2Fmpk13.cc; tor_scheme_id=1764224460; tor_port=9086; session_id=a216ca31fbd763e412b59685298691a6; session_id_e=f3ea126a8d8e4344f0037b0bf0a81426; connecting_hash_lite_version=1764094039; connecting_hash=2a43a0dcee78c67b034853415fe127f4; onion_server_id=10; session_temp_active=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 25 Nov 2025 18:07:19 GMT\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UqIUBrL1WbQyiUYfR7KnwzAEziJzlxo4YQ7mlHKwvrTNeUEaKfQIflnImdl7ls9MqqhH9kFbWz3hUcKjrYwnb1M%2B6%2BZdpjtYcg%3D%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9a4315c46b501525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23040,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10956)","md5":"ffb534f10d098a7bb62704f6e482cba3","sha1":"c044f20cb4ee00738479480748c89723493684df","sha256":"db3f803bcff99263007198d96789bd5f54fdd502b03361d7fcd29bdd02c97ab9","sha512":"78e036b5aaa0f968bd6f539f33dc260d4070c36862e07679f4c173cb4ecfbf80cbb330803fbad7c8ed4b8ef11ea551c9931caba8e53fb81adda86a9b7d017528","ssdeep":"384:L21nb92GgAHLg6Okw+u0ekoorlzSZ2malpaVYcKty+NNv/:+EGE33lortDmalpx","tlshash":"ada2e72341d405b9b016c3e993e5b59ab5324517af92b427f29d0ab1cfc84ef2763b8c","first_seen":"2025-04-16T09:39:52.277798Z","last_seen":"2025-12-11T13:00:26.347314Z","times_seen":89,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra46l.cc/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=794d630be9c098f7","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"ip":{"addr":"104.21.25.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra46l.cc/","date":"2025-11-25T18:07:19.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra46l.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 11:54:34 GMT","end":"Sun, 25 Jan 2026 09:51:13 GMT"},"fingerprint":{"sha1":"34:A2:75:7B:24:6D:DB:25:59:7D:48:E1:67:27:68:C3:7A:2F:FF:99","sha256":"EA:46:0F:50:6D:F1:46:1A:3C:BC:64:D0:C2:1E:7D:E6:58:8C:76:69:EB:BB:56:85:E3:3B:51:CA:C3:7D:99:A5"}}},"request":{"raw":"GET /cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=794d630be9c098f7 HTTP/1.1\r\nHost: kra46l.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra46l.cc/\r\nCookie: http_refererq2=https%3A%2F%2Fmpk13.cc; tor_scheme_id=1764224460; tor_port=9086; session_id=a216ca31fbd763e412b59685298691a6; session_id_e=f3ea126a8d8e4344f0037b0bf0a81426; connecting_hash_lite_version=1764094039; connecting_hash=2a43a0dcee78c67b034853415fe127f4; onion_server_id=10; session_temp_active=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aVh2eyN%2BAu%2Bg4AFFt%2BImJ6gnXdfv7xLGK%2FyYyTU%2FiGELsnMXyeHuG8wJE9UTU2KRKaHMB2hNEoNKMy9krRKLFKjgVkSMHIsGFg%3D%3D\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ndate: Tue, 25 Nov 2025 18:07:19 GMT\r\ncf-ray: 9a4315c46b541525-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":151,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"45efc4779b2e6b43ed200755328af518","sha1":"badb6097a3c8fad00517f38352ba72b9f7b6637b","sha256":"d66dd0f2f24c4343661a5396e1ba76782fe651f7d422209eded956ebf90900fc","sha512":"862ceb668672d90ed3da9419ca69bf0214b5c34dec2353fea792a75fb1c0c2e5fd54e6e56cf1e9d4d60c4eaa7d98411f5cb5e128be2661d9bbd084d0dbd085e0","ssdeep":"","tlshash":"a1c02b3d35637e0c8563303522c3b190d0c6833774ba00220500c00330cb2e9cac33d7","first_seen":"2023-09-18T10:37:28Z","last_seen":"2026-04-05T05:16:38.957119Z","times_seen":12879,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra46l.cc/favicon.ico","fqdn":"kra46l.cc","domain":"kra46l.cc","tld":"cc"},"ip":{"addr":"104.21.25.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra46l.cc/","date":"2025-11-25T18:07:19.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra46l.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 11:54:34 GMT","end":"Sun, 25 Jan 2026 09:51:13 GMT"},"fingerprint":{"sha1":"34:A2:75:7B:24:6D:DB:25:59:7D:48:E1:67:27:68:C3:7A:2F:FF:99","sha256":"EA:46:0F:50:6D:F1:46:1A:3C:BC:64:D0:C2:1E:7D:E6:58:8C:76:69:EB:BB:56:85:E3:3B:51:CA:C3:7D:99:A5"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kra46l.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra46l.cc/\r\nCookie: http_refererq2=https%3A%2F%2Fmpk13.cc; tor_scheme_id=1764224460; tor_port=9086; session_id=a216ca31fbd763e412b59685298691a6; session_id_e=f3ea126a8d8e4344f0037b0bf0a81426; connecting_hash_lite_version=1764094039; connecting_hash=2a43a0dcee78c67b034853415fe127f4; onion_server_id=10; session_temp_active=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 25 Nov 2025 18:07:19 GMT\r\nserver: cloudflare\r\nlast-modified: Sun, 09 Feb 2025 16:09:29 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aOy5JhzE600ROpj7bvIqzApKCwoMLVoFc1ndwGtNC7%2FmLMxZjmo9z17Y4jfV7y7K%2FAmO5VYx7hAiNWde13uGNCdIQDLs0cqSzA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncontent-type: image/vnd.microsoft.icon\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"256-62db7d10c4fa0\"\r\ncf-ray: 9a4315c47b551525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":598,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced","md5":"88dce50c34a848e75b6c7d916711e6b9","sha1":"0355f55c57c14900477cc886f3345b1e898fe28e","sha256":"4f0b7e5217318eedc1b42ca1ce5e128c649c97082912f1d800eec1325207ad96","sha512":"f6e0828ce51c9e2cb462b4884f01a5fb7083e4f26eeea1b596c5d04144b9226efb62347199546ce81e0473d97231cb1f6468ccc94e620cf83ffd9035fb63eed5","ssdeep":"","tlshash":"faf00ce3e838f489c98e2ca222911201da7585a723800819b6fac008ac20b885933f92","first_seen":"2023-05-10T12:46:36Z","last_seen":"2026-04-05T00:28:07.836235Z","times_seen":3423,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-25","alert":"Sinkholed","trigger":"kra46l.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}