{"report_id":"36238526-3408-4ade-9c41-00b55c2b7267","version":6,"status":"done","tags":[],"date":"2025-11-15T11:34:51Z","url":{"schema":"http","addr":"kra-43-cc-c.ru","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":0,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"final":{"url":{"schema":"https","addr":"kra-43-cc-c.ru/","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"title":"Kra43 CC — лаборатория запахов и авторской ароматерапии","dom":{"size":8170,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"ae21cb4a5956d5c61042046e9a6e5d9f","sha1":"aad480030622ecc8ca681174235615a094737c66","sha256":"20cf364b1d7f172767d5784b920d40d728456269a19b00be1e2c038364c6412e","sha512":"00f34dd26fc73f42f6751af24f5a720dfc30a411970de6db499d9d5473a084156ab7359e10836b7c58117814c8119ec8751f21804ab59c9231d9189ceef16f35","ssdeep":"192:iLfzBhrg9hJu36bDJOOYlweysjQ5eJYBrEFcHENBiRMiz:eXVqhFYjjQ5SYuFcHE3iRMiz","tlshash":"9cf163722cf9446b0241d155f9616e0d7ca9883fab4b674034ec099e2fe2f94c97bb0d","dom_hash":"domhasha606218148e7d5f9c5fd439fe50108e3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"kra-43-cc-c.ru","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":0,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-20T11:34:51Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"kra-43-cc-c.ru","ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2025-11-13","domain_rank":0,"first_seen":"2025-11-15T11:34:51.395422Z","last_seen":"2025-11-15T11:34:51.395422Z","alert_count":20,"request_count":10,"received_data":149114,"sent_data":4396,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-09T22:13:15.598397Z","alert_count":0,"request_count":3,"received_data":48697,"sent_data":1704,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-09T22:13:15.523411Z","alert_count":0,"request_count":1,"received_data":6432,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kra-43-cc-c.ru/","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"09dafc7095fc463b3b2f2f4b1076ba1d","sha1":"6a3c121e9f1e8eddb2ae0136837060ba453aec93","sha256":"39f4e0f159b7c12149e664515646c8e9f02e137a5a4f244536b53ea419b3d562","sha512":"dc7aaa0f3734befe8c7dcb7002dd9caa111348c8ba7d73e8bd1486c2af8a019c1071420b1178bb562717bf755df55d19f53dc8477bcfcc41eeca2c24ac8d149c","ssdeep":"","tlshash":"17f020ba3c894434c3b712a92bb391493039352f340eed51f94c58a23f9086508ab91c","size":572,"data":"","first_seen":"2025-11-15T11:34:56.722702Z","last_seen":"2025-11-15T11:34:56.722702Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/script.js?v=1763206470142","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a2e5f01eed330cfad72e22d171ec1749","sha1":"9c81921fe97e02ec40c23b5f507af69689a565bb","sha256":"77c7d269caf37befd70862d3923d53482bbf7df66a23625e3db02db70ae4da55","sha512":"25c33a9e8c8bc447aa734bc2498b8708ec54d1fc4bcfaca155e1c890a023a87078df90fe749c3a8cc56516a67491251babadfcf7d3921058bcb691a75a87c2d7","ssdeep":"","tlshash":"1a11ba7216615efa20a2716b9d48a68cf4fb00ff3c8f122139285ca82d701b44368e99","size":906,"data":"","first_seen":"2025-11-15T11:31:08.952653Z","last_seen":"2025-11-15T11:43:02.310161Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"introduction_type":"eventHandler","is_inline":false,"md5":"e56ddbb05a974a6bc5ea44661e509a21","sha1":"448d4cb69f9441e10731b1ff4aa9dc81502589bd","sha256":"1759e8c6c2ce9c987245281cd33bb9260ce82e31b604131a5da486db89369913","sha512":"a3b2b0accbc0f18d13fc0eb6d742a5bf00a9614399e05b97b96ed0963e7d29b5868f73ef541c5f5bf8d125e7f7040d03f39cc853a52ffa2f1e2ebb7a20165242","ssdeep":"","tlshash":"7b700008080000800a002c00e000020080c2000802202008c020a8a0082c088808f800","size":21,"data":"","first_seen":"2023-04-10T22:51:51Z","last_seen":"2026-04-03T22:00:57.296067Z","times_seen":39535,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"88a4ad743e7414b94885a65c8ff040e1","sha1":"43eb4a6f57aad7d90f6f37e7ce3b3323620c6c0d","sha256":"981e63e4efd55ea334703c756d37e8f6090b14c11d4e486c1d29bc43513b64b4","sha512":"f3d14804d63ab29d9bc83bc4d4761890ff4e0f5ddef344a7f1603eb38e3587819ec48273cb5b815be07d9676d94611e1425bb419fa8d781bf82e2e71e4fe3198","ssdeep":"","tlshash":"5e31363a7970112105f64057b5fb2d087475480f7a41e3847edc4a49493bfdda1b6f4e","size":1613,"data":"","first_seen":"2025-11-13T22:31:07.88296Z","last_seen":"2025-11-24T10:35:12.358561Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"kra-43-cc-c.ru/style.css","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:30 GMT\r\nContent-Type: text/css\r\nContent-Length: 6165\r\nLast-Modified: Fri, 14 Nov 2025 06:57:08 GMT\r\nConnection: keep-alive\r\nETag: \"6916d2c4-1815\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6165,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"1a9c8e1472d32a21842192a38e8b1d54","sha1":"01ffc88f3e03f94fef600552f7ee82f7768a1dc9","sha256":"1303331589ea25aa8c0455b2b4d22f013ae35b6dc5b96346cd6108f9c8c32f8a","sha512":"d70994ce7b1592237d35345116f69437b3bd398da7517f1224d0c62b48cfaa07a0244d887b7d576993691dbe1b2ba792e59e9b6df0ec01b82cec57a138e6ccf5","ssdeep":"96:dFKdzNh+2FXZwfOH3fgtV3oQwqw8DUeXliTiqt4RPWlKhXSr5qx44:dctboWH34u7+PWBr5q3","tlshash":"16d1ed99ea0811017232dfb4bf228b66bb958062870606febff05058b6c97795671fdc","first_seen":"2025-11-13T22:31:07.863045Z","last_seen":"2025-11-24T10:35:12.353864Z","times_seen":14,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/images/1.png","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET /images/1.png HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:30 GMT\r\nContent-Type: image/png\r\nContent-Length: 11717\r\nLast-Modified: Fri, 14 Nov 2025 06:57:11 GMT\r\nConnection: keep-alive\r\nETag: \"6916d2c7-2dc5\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11717,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"Blender:File:C:\\Projects\\captcha\\captcha-3.blend\", comment: \"Blender:Date:2023/02/15 01:37:05\", comment: \"Blender:Time:00:00:00:00\", comment: \"Blender:Frame:000\", comment: \"Blender:Camera:Camera\", comment: \"Blender:Scene:Scene\", comment: \"Blender:RenderTime:00:00.07\", baseline, precision 8, 380x120, components 3","md5":"5f8b4f2b6dbf5798dc35b7a6c31f822a","sha1":"d38fc55a37e56a6cdc3157f434191d43e2c66add","sha256":"d5c9542789cd43113a9efd469f7d474f4f54bf7006de7e32dab33ed563024d17","sha512":"16835a0525fecbab43d5c2f09e8439eae536c0fc6a18834a12d2c8066208f1c5601b0f55239d10400a56fe62ec84b4d4aa8348cd4d0b9baaf52d0699529e639e","ssdeep":"192:/syaxJ9eGVjOjUPY9tsTovGSbsiTazLPvVZrnoDl38XLBxtAQg2W:kyifeGsUAfswGmsiTsrDrnoB8XHY","tlshash":"a932c011d3e3eb2794bfc975c5cc4542c37e2c41b05811af27e95a0eb0c6baa768de0a","first_seen":"2025-06-27T14:25:42.763406Z","last_seen":"2025-11-27T16:08:04.683101Z","times_seen":33,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":250,"dns":0,"connect":8,"send":0,"wait":9,"receive":1,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra-43-cc-c.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 20612\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 12 Nov 2025 23:41:40 GMT\r\nexpires: Thu, 12 Nov 2026 23:41:40 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:08:15 GMT\r\ncontent-type: font/woff2\r\nage: 215570\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20612,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20612, version 1.0","md5":"b07da7aa3e4f363c5cdbc11312239e8c","sha1":"47bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8","sha256":"e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa","sha512":"420729406b315d8af34b62b78f39e763f5cf33cbf94467457b393fde0573dd7ffc6a23f25680988f9b82a4a3b719876ff76f3e1db047ce82615f544fc3a82532","ssdeep":"384:k5Eu+yl5Y9RpwjjmD/8Qu+POP9w+oB7rezldH9W4EMs8qCr9WvS80M8T4PTEXPFw:YEu+/Jw3FF+WP9DC/ez79jcCrb8BK4Eq","tlshash":"8192df6bce71497ac711262c773917addb8b44f627f91f2ba0562411c7b8e015c2cc7a","first_seen":"2025-01-09T06:25:34.419113Z","last_seen":"2026-04-03T21:56:30.208328Z","times_seen":45604,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":97,"dns":1,"connect":22,"send":0,"wait":23,"receive":7,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/favicon.ico","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:30 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 101392\r\nLast-Modified: Fri, 14 Nov 2025 06:57:07 GMT\r\nConnection: keep-alive\r\nETag: \"6916d2c3-18c10\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101392,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel","md5":"43c85273b4ffd1311892b0b527407e30","sha1":"e34da69cef0622072b99bf9f865bbbb3d4bac300","sha256":"e96845bcd9e448763b3e667e7186cb25270f664a680c479cf33074dcf2aed3dd","sha512":"f282496529c943611f6dbe100c3d73764175e20ec43ad3244c53b16e6db6d5c5782bcb0baa2dd7659cfc589e2d2e609a69ebeb9c3aedc63d4ea82894b2b08b82","ssdeep":"192:1NIrfSnBw6OnFlEkEkEkEdHHHTHHHPUkU93jX9Rhkuncw+0xXz4Rv:18SnBw/YHHHTHHHE3jX97xcw+014d","tlshash":"aca35350b2d6f61ad1d876344c93ce792331ac958c175b2b32ce7f9b39f42a629093e4","first_seen":"2024-10-16T16:01:12.238269Z","last_seen":"2026-03-30T15:52:23.276858Z","times_seen":401,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/icons/icon.svg","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.095Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET /icons/icon.svg HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:30 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 1682\r\nLast-Modified: Fri, 14 Nov 2025 06:57:10 GMT\r\nConnection: keep-alive\r\nETag: \"6916d2c6-692\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1682,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8155b5a1de4d4c47da7bba99b03120e3","sha1":"6dfa7536ce273c5b4ce580e7ddf560d0cf8e5e58","sha256":"2ff692ff73df7225162203982e4ba8f86dde13fcdabbfe6a2bb9f24b253d108e","sha512":"e41f72b8d6ed4f4f6d626f257f64e94ab706115c796bb58464f6515c1d73e54eb3bd613adb02f9a01123138e83d03e0dd7720e38fb9e729289d9da47a2564eb2","ssdeep":"","tlshash":"963166f2c5eae5e049057ff4d83780adbd672cfe7f88ca99c1846c54914847ce44d848","first_seen":"2025-11-07T18:36:06.461905Z","last_seen":"2026-02-03T08:21:52.15307Z","times_seen":293,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":259,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-15T11:34:29.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:29 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8276,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"b5dc2bc8d3130423b979d466b93b8bef","sha1":"4b9f5c6cadb8853d68810b08ca96b2ac756f012c","sha256":"aadde1772b08084760e3aa6ed767ee7983c10a65105ede210586b2dd41b1562a","sha512":"6cc0810142f155ebfaf5619a1f0496f90201f170e255e448f72b2137945741a0d84753f8235e8b20ec7c78cd9dc5ec439e7bf2e7b89ed2f6c971bce2587d3cbc","ssdeep":"192:Fb0Exrq79hJO5oDqvObJhlEBq1/6HhfRZAy9yMFE1KiOriT:2uXlGbuqh6HdRGy9yMFEEiOriT","tlshash":"ec026fb228c5446b0232d265fe21ae4dfda9843fab46174034ec199f2ff2f54c967a09","first_seen":"2025-11-15T11:34:56.716763Z","last_seen":"2025-11-15T11:34:56.716763Z","times_seen":1,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":56,"dns":27,"connect":8,"send":0,"wait":9,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"86:F4:DF:07:D6:8D:EF:68:44:7A:73:C8:39:14:1A:2F:98:5E:A2:40","sha256":"A0:B7:4F:94:25:40:33:52:BC:F7:0A:E1:AD:30:BD:19:C3:E9:BB:25:0B:05:26:7C:F8:BB:F0:59:3B:E7:F2:8D"}}},"request":{"raw":"GET /css2?family=Roboto\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 15 Nov 2025 11:34:30 GMT\r\ndate: Sat, 15 Nov 2025 11:34:30 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5746,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"017672004526d49c616a83a1885ca6cb","sha1":"317c4a759af5149d1777a5c195c2030c842d4b70","sha256":"6ad67efe8c01a7f843a39344a43ca877e30726dd0cae6db3ce719a22a63bbc70","sha512":"f1dbb144b98e0a05fcaefd0367bb48be095ce28add6c7e8e8ac4d6b4b31dd76e2a7edaa4587bb78841aac8d679c53ba06e7a98775e9c6eaeee11c18c4f251ed7","ssdeep":"96:1OEbaNllOEbaNsFZKOEbaNWOEbaNVTOEbaNVy+aZjzBrgOEbaNIubqGIFuV4yOE6:2NlmNMNVNVkNVqbNfbqGIwV4BNdNzwNY","tlshash":"9bc1fd91041704409b835cd227ce7f34fe1f92116544d0b9abfc9b6beddbda6426836e","first_seen":"2025-09-08T23:56:02.073922Z","last_seen":"2026-03-05T16:22:21.514891Z","times_seen":5277,"resource_available":false,"data":null}},"time_used":498,"timings":{"blocked":217,"dns":2,"connect":28,"send":0,"wait":47,"receive":0,"ssl":199},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/icons/logo.svg","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET /icons/logo.svg HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:30 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 2054\r\nLast-Modified: Fri, 14 Nov 2025 06:57:10 GMT\r\nConnection: keep-alive\r\nETag: \"6916d2c6-806\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2054,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"32af2241a3864f4e7369bfb2b2fcfda4","sha1":"1a4aed10196429235c0d0967a31534d8ea90b812","sha256":"b028caf4a97470b1369995fc4e28d618cf3fb4be1699cf5e25abf6674cb2a51e","sha512":"49cbd3f9d1028ba4bc94e541240936b6321ce29d159f472525bdf0eccf0023ba012f3f8f92a5348e0eca2a409e2ac1d38b3de2beaac111c0b11e0b306758cdde","ssdeep":"","tlshash":"094120d94984f534b9818ffe5a29b025f237fce4f202c1e449c3250769810ad2aaddaf","first_seen":"2025-11-07T18:36:06.461068Z","last_seen":"2026-02-03T08:21:52.150038Z","times_seen":293,"resource_available":false,"data":null}},"time_used":541,"timings":{"blocked":261,"dns":1,"connect":8,"send":0,"wait":13,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/icons/mail.svg","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET /icons/mail.svg HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:30 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 809\r\nLast-Modified: Fri, 14 Nov 2025 06:57:10 GMT\r\nConnection: keep-alive\r\nETag: \"6916d2c6-329\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":809,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"cd832466ea589ad994e3ae72763ae896","sha1":"b107bd3afce1c7d5f07d35a421c49977dfc147c8","sha256":"b86009a5afd5d7aa26ae67c56006094d56fdd08206dbaa19f69fef614b5abf7c","sha512":"531f89f01b1e9aecb3523a986475a495ac9adf6bd8380727363300cb7ef2a9d6a7448d281a9172afa246dbc552a8593a40525b22497f3a1276d5f6aa00e39d8f","ssdeep":"","tlshash":"b901aff1e7b5b584d30a57b18df0b55f320b29a91d7389c89452ad9cd264dad0714c14","first_seen":"2025-11-07T18:36:06.462669Z","last_seen":"2026-02-03T08:21:52.154426Z","times_seen":293,"resource_available":false,"data":null}},"time_used":547,"timings":{"blocked":255,"dns":1,"connect":8,"send":0,"wait":12,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/script.js?v=1763206470142","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET /script.js?v=1763206470142 HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:30 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 906\r\nLast-Modified: Sat, 15 Nov 2025 07:20:20 GMT\r\nConnection: keep-alive\r\nETag: \"691829b4-38a\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":906,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"a2e5f01eed330cfad72e22d171ec1749","sha1":"9c81921fe97e02ec40c23b5f507af69689a565bb","sha256":"77c7d269caf37befd70862d3923d53482bbf7df66a23625e3db02db70ae4da55","sha512":"25c33a9e8c8bc447aa734bc2498b8708ec54d1fc4bcfaca155e1c890a023a87078df90fe749c3a8cc56516a67491251babadfcf7d3921058bcb691a75a87c2d7","ssdeep":"","tlshash":"1a11ba7216615efa20a2716b9d48a68cf4fb00ff3c8f122139285ca82d701b44368e99","first_seen":"2025-11-15T11:31:08.952653Z","last_seen":"2025-11-15T11:43:02.310161Z","times_seen":4,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/icons/bell.svg","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET /icons/bell.svg HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:30 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 2007\r\nLast-Modified: Fri, 14 Nov 2025 06:57:10 GMT\r\nConnection: keep-alive\r\nETag: \"6916d2c6-7d7\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2007,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"82f8ae5b95d9804d75e342908cbb80b9","sha1":"613a041672a98c0be5c5ef8ad6fca3f9be4fc069","sha256":"16981528917d428ad33dda9d3eb796177afdd0b6667379081c5518927a1a9a03","sha512":"6c060b0efc5aaa5013ea23358b8da1bf41f4506d80b7bc35bfc3f71d89713c71c7a9be75a5845199058ec5c9adcdba36063184245f1860fd890269205d052f49","ssdeep":"","tlshash":"2a4111f5d6c9f1e0a446abd99f2a919a339e30ff3b91dac602449ac0e012038988cc14","first_seen":"2025-11-07T18:36:06.45735Z","last_seen":"2026-02-03T08:21:52.157049Z","times_seen":293,"resource_available":false,"data":null}},"time_used":536,"timings":{"blocked":251,"dns":2,"connect":8,"send":0,"wait":13,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmQiArmlw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmQiArmlw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra-43-cc-c.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 11840\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 13 Nov 2025 05:39:47 GMT\r\nexpires: Fri, 13 Nov 2026 05:39:47 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:08:11 GMT\r\ncontent-type: font/woff2\r\nage: 194083\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11840,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11840, version 1.0","md5":"a0f8baa16418514a286278c0a773d3a6","sha1":"e3029db449750770ccb50c74364a7ef61e8ddb36","sha256":"fe56d0d137acb0f9b17754d3670f5ecaee2185548dd9a8c44535a5f194117ddc","sha512":"c66f50263acfe1ca68e2f3999f76a9c73fc09fcb54ebec4949bca670d63bdcd68e9c9ae8b83ad69da84c9cf8627b6b84e2777b9112cafd7c62fcf8f9e799c39a","ssdeep":"192:hxLRc1v0nOzVBEm+alnYKZEiy2FqJ+/TUabyEF731idesuGqJwx8VyFH:hxLu0eVBEbayKXq0byEF7Fide0qFVyFH","tlshash":"8c32bf0e77904994e073f26712612571e9f9e3dd1bc66f80b1409d4ca88ee466bccc35","first_seen":"2025-01-14T08:51:39.832648Z","last_seen":"2026-04-02T04:03:41.620543Z","times_seen":1851,"resource_available":false,"data":null}},"time_used":442,"timings":{"blocked":206,"dns":1,"connect":21,"send":0,"wait":22,"receive":5,"ssl":181},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmaiArmlw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmaiArmlw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra-43-cc-c.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 13740\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 12 Nov 2025 23:00:18 GMT\r\nexpires: Thu, 12 Nov 2026 23:00:18 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:07:10 GMT\r\ncontent-type: font/woff2\r\nage: 218052\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13740,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 13740, version 1.0","md5":"0ed27c0cc21140f52d29c938c6738a5b","sha1":"e4fc295db7f45d31f6df3ccfec943efbfa477547","sha256":"fdd953c288159a1f149911720d8a19fad17dc80f1a0609948cfa1458c368899d","sha512":"19c298eede11ec174fba54ca4f1ded4514ee66a260ed3392de28a457e31653324ffc8abdb1637ba624c29de80c4712ee4441d8b4edacbe37474a4f5df7be8ef9","ssdeep":"384:WsTCRAb6hZLoPpXarDsJ9IEMxnymmSRg0z:BR6hB+9JuthVz","tlshash":"bd52d08922467bbfe3cf6ce5f6464c9f83d3121052e718f19ac184d4fbb6166c941d12","first_seen":"2025-01-14T01:42:40.251339Z","last_seen":"2026-04-03T13:37:05.367287Z","times_seen":3246,"resource_available":false,"data":null}},"time_used":399,"timings":{"blocked":184,"dns":0,"connect":20,"send":0,"wait":22,"receive":4,"ssl":165},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-43-cc-c.ru/images/5.png","fqdn":"kra-43-cc-c.ru","domain":"kra-43-cc-c.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-43-cc-c.ru/","date":"2025-11-15T11:34:30.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-43-cc-c.ru","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:44:05 GMT","end":"Wed, 11 Feb 2026 16:44:04 GMT"},"fingerprint":{"sha1":"23:F3:FF:BB:2B:59:2A:A4:7B:8A:9E:2E:41:16:4F:D6:C7:50:22:01","sha256":"F6:15:97:D4:05:24:E4:B1:25:01:10:64:1F:55:FF:FB:5A:B0:11:74:78:A7:6E:FE:EE:51:8D:61:6B:9E:66:A9"}}},"request":{"raw":"GET /images/5.png HTTP/1.1\r\nHost: kra-43-cc-c.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra-43-cc-c.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:34:30 GMT\r\nContent-Type: image/png\r\nContent-Length: 11793\r\nLast-Modified: Fri, 14 Nov 2025 06:57:12 GMT\r\nConnection: keep-alive\r\nETag: \"6916d2c8-2e11\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11793,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"Blender:File:C:\\Projects\\captcha\\captcha-3.blend\", comment: \"Blender:Date:2023/02/14 21:59:46\", comment: \"Blender:Time:00:00:00:00\", comment: \"Blender:Frame:000\", comment: \"Blender:Camera:Camera\", comment: \"Blender:Scene:Scene\", comment: \"Blender:RenderTime:00:00.16\", baseline, precision 8, 380x120, components 3","md5":"11e88b8b395230241ff38f05c81932d8","sha1":"b743f869f3ed94c6bce967f11988bfcbd7e80faa","sha256":"dc3077a514ab2d884640a9fe0c123dd5eb6e184868825f363530125cf1e14b2a","sha512":"bcb6c1dbec72c07f195f80f867a9fdfc90fee27923ebe6447058783a893830dcbce609a83b5be2306255848744c742880c1904e3bd9f126ab931b5fd88a7ad5c","ssdeep":"192:B2ymbmZhcjQM/z+eut/+e5ZsoARBJ0CfXMM85tOafQdljDKbm6i+526vQsOOR:Eymbm7cL7+eut/dIoyBJ//OOaId8bNYC","tlshash":"f832ae72dbd4c754cca58b7495596ca4db00acc9faf04f321ab2cada75c04b2f86c0a7","first_seen":"2025-11-14T04:01:27.378164Z","last_seen":"2025-11-15T11:34:56.721568Z","times_seen":2,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kra-43-cc-c.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}