{"report_id":"33b592cf-a450-4ce5-a02d-410908e59389","version":6,"status":"done","tags":[],"date":"2026-03-28T00:22:08Z","url":{"schema":"https","addr":"kr44at.space/","fqdn":"kr44at.space","domain":"kr44at.space","tld":"space"},"ip":{"addr":"104.21.77.222","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kr44at.space/","fqdn":"kr44at.space","domain":"kr44at.space","tld":"space"},"title":"slon4.cc | slon4.at","dom":{"size":19939,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14754)","md5":"4ca24eac83a7a84df74c1ea2e1993183","sha1":"04c72f65749ac50feb3e0cea96e2079606545c36","sha256":"21b9f0c0a06b23b2ffd60972667c214f27dd31db17d0530027f4801f8d02251d","sha512":"ba704ea836ce3747f235caf9d6571b80248b2b8f66b9b4f995710d7ae6860b4fcc4952868bbc4d59a5c9696a77fd7bd061d8fa872a88f03785da10caba756967","ssdeep":"384:Insc/KWdPI4KjnRnnqokqNMZGMrL0QXd2USZFx:xcisPIVnRnnoq+GMTXd25Fx","tlshash":"cb92af363357482d7d55e0286f46ad8d6aa4c037d146dca83e0c69c66fc33e086b7b8e","dom_hash":"domhasha90b25c0b82539c335496d6ad5c1debd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"kr44at.space/","fqdn":"kr44at.space","domain":"kr44at.space","tld":"space"},"ip":{"addr":"104.21.77.222","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-02T00:22:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kr44at.space","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kr44at.space","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"kr44at.space","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-10","domain_rank":0,"first_seen":"2026-03-28T00:22:08.121805Z","last_seen":"2026-03-28T00:22:08.121805Z","alert_count":6,"request_count":3,"received_data":22905,"sent_data":1413,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kr44at.space/","fqdn":"kr44at.space","domain":"kr44at.space","tld":"space"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"273a567817a222ea36919fed78ed00ab","sha1":"f06cf879535c926fcbfac6a0db31e6706f6ca8c9","sha256":"11704e45a48552b3c0b2401e267c18d07102c0519b68178b4a4560ef631fde1c","sha512":"95502cfd7842634e46346f85c7355dfddaeec1781591dfd4d3db8fd11dc63682f297e550ae952353dd5aa181d547b24165cbf023ddb4038a79d86c1be62c9681","ssdeep":"","tlshash":"2ee02076e352410399e1e0258d70658c603000db6c49f6bad0597451710defb747bdba","size":341,"data":"","first_seen":"2025-03-05T21:23:04.354995Z","last_seen":"2026-04-16T21:17:11.179631Z","times_seen":171,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"kr44at.space/favicon.ico","fqdn":"kr44at.space","domain":"kr44at.space","tld":"space"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kr44at.space/","date":"2026-03-28T00:21:43.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kr44at.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 04:02:37 GMT","end":"Sun, 07 Jun 2026 05:01:12 GMT"},"fingerprint":{"sha1":"F8:D0:5B:0A:0D:FB:14:8F:0C:EE:EA:6E:FD:D6:D8:CE:B1:E8:55:A9","sha256":"1E:A4:12:03:86:E7:AB:5F:EC:50:C5:B4:AF:66:02:B0:3E:FF:E2:5C:0C:65:2A:56:24:BB:9B:99:01:35:F0:36"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kr44at.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kr44at.space/\r\nCookie: scheck=1; cookref=https%3A%2F%2Fkr44at.space%2F; ses=0vhXKWQJ8CdFlrPZxW\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 28 Mar 2026 00:21:43 GMT\r\ncontent-type: image/x-icon\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Oct 2025 14:51:09 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QUDGxOeFNeFfIMyTZ6jsYW9HO4XdVGxnuvKDn4uV%2F6mmgAsZI1%2FBIRuPmR1vwaeXMfkBMd56W63mQcIQ2Bj1GjrZIeoadcur1oWYub3DdE6hht1PyCwh8xFIIlyS6fA%3D\"}]}\r\netag: W/\"68fb925d-256\"\r\ncontent-encoding: br\r\ncf-ray: 9e3279f4ebfa712a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":598,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced","md5":"88dce50c34a848e75b6c7d916711e6b9","sha1":"0355f55c57c14900477cc886f3345b1e898fe28e","sha256":"4f0b7e5217318eedc1b42ca1ce5e128c649c97082912f1d800eec1325207ad96","sha512":"f6e0828ce51c9e2cb462b4884f01a5fb7083e4f26eeea1b596c5d04144b9226efb62347199546ce81e0473d97231cb1f6468ccc94e620cf83ffd9035fb63eed5","ssdeep":"","tlshash":"faf00ce3e838f489c98e2ca222911201da7585a723800819b6fac008ac20b885933f92","first_seen":"2023-05-10T12:46:36Z","last_seen":"2026-04-24T08:53:24.267757Z","times_seen":3478,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kr44at.space","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kr44at.space","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kr44at.space/","fqdn":"kr44at.space","domain":"kr44at.space","tld":"space"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T00:21:43.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kr44at.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 04:02:37 GMT","end":"Sun, 07 Jun 2026 05:01:12 GMT"},"fingerprint":{"sha1":"F8:D0:5B:0A:0D:FB:14:8F:0C:EE:EA:6E:FD:D6:D8:CE:B1:E8:55:A9","sha256":"1E:A4:12:03:86:E7:AB:5F:EC:50:C5:B4:AF:66:02:B0:3E:FF:E2:5C:0C:65:2A:56:24:BB:9B:99:01:35:F0:36"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kr44at.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 28 Mar 2026 00:21:43 GMT\r\ncontent-type: text/html;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: scheck=1;Path=/;HttpOnly;Secure\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QVhAdVKYf82mjnTWKimJtc%2FEDRCM2D%2B46GyJq4itPQZcRlaRsfuVdaw4mK7T9b%2BiENk%2FXrHIu3oLIdTFvNkrwOygIa3OJofhHokLnNmZGFcsxgKLp58TEAadAywDiwU%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9e3279f27fdb56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5613,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"216cc8bb361602943bf0c9fb24c168e7","sha1":"c22aa419f969dd02d77b2330ce7deaaa98b9645e","sha256":"31ff108a3f257a94389ca6b479591b2c42d257335c17ddc0acf276b535cfd31f","sha512":"971a56ed9579eef610cf07f97c8e1ed43b5567f40cf61968bb7a75b7fecea6930816e7eaed97d3f59b64a0afdd99e0326258229c17c8dc2424838df32da3b18e","ssdeep":"48:xxeZ76d6MVCLlBgxeZ7UcdIp/asbyrn5aTiUfPYLn7xn6U6QMRoF/8aT9HVw/WJz:qIEGMIpa5aTiUf6n7iQfZTdyu7qFsejy","tlshash":"aec17663565b18093542d0386f967a0626a88077d80adca43fcc269e5fcfbd4d5f3b8e","first_seen":"2026-03-28T00:22:10.469093Z","last_seen":"2026-03-28T00:30:53.005521Z","times_seen":2,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":72,"dns":61,"connect":1,"send":0,"wait":102,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kr44at.space","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kr44at.space","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kr44at.space/captcha","fqdn":"kr44at.space","domain":"kr44at.space","tld":"space"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://kr44at.space/","date":"2026-03-28T00:21:43.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kr44at.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 04:02:37 GMT","end":"Sun, 07 Jun 2026 05:01:12 GMT"},"fingerprint":{"sha1":"F8:D0:5B:0A:0D:FB:14:8F:0C:EE:EA:6E:FD:D6:D8:CE:B1:E8:55:A9","sha256":"1E:A4:12:03:86:E7:AB:5F:EC:50:C5:B4:AF:66:02:B0:3E:FF:E2:5C:0C:65:2A:56:24:BB:9B:99:01:35:F0:36"}}},"request":{"raw":"GET /captcha HTTP/1.1\r\nHost: kr44at.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kr44at.space/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: scheck=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 28 Mar 2026 00:21:43 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncache-control: no-cache\r\nset-cookie: cookref=https%3A%2F%2Fkr44at.space%2F;Path=/;HttpOnly;Secure\nses=0vhXKWQJ8CdFlrPZxW;Path=/;HttpOnly;Secure\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uU%2FkR2kpRCfTdXfUUmCtRCeDdxTdDgrBgCowSFpj4i7KoxAniZtsk6Ijj8HKcuSug0LYA84QM6vwQzIou9BVq8O%2FckHe2DkAYH%2BqrqBvvc3UXgrB%2BJBerpgiC4XG4sk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9e3279f45bc6712a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14676,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with very long lines (14676), with no line terminators","md5":"49a5ad3e25c2f268f74ed6eff7ad728d","sha1":"b10f3912481b1d5a3c8aae8217afa915fa1d8444","sha256":"9fbe231964a16de5283ac03e4d4dcbcf15cbdbe7d448c1ff89d7d15daeef7e17","sha512":"bca1f8b77993c203c3abec60870dcb3cad9319633d1676885f2aaec7ede190bfc365209448212af17fe394aa17cf567da8a0aec323736950e37002159a02598b","ssdeep":"192:TDNnwHUROc/poVQdPmgl+mwbvtBMKjnRNr56Aqo6DqNsj9UdYwdM/Qui3AysyTH+:dnsc/KWdPI4KjnRnnqokqNMZGMrL0QX/","tlshash":"9662bf387752d93efd696009a60accddee74cc1ad2d65c6d0901dcc2a4e23f24bbd992","first_seen":"2026-03-28T00:22:10.47185Z","last_seen":"2026-03-28T00:22:10.47185Z","times_seen":1,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":55,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kr44at.space","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kr44at.space","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}