{"report_id":"4a0cba38-4b48-403b-99fc-b2a7acc37132","version":6,"status":"done","tags":[],"date":"2025-11-07T02:33:35Z","url":{"schema":"http","addr":"moscowwebstudio.ru/kraken-market-plejs.html","fqdn":"moscowwebstudio.ru","domain":"moscowwebstudio.ru","tld":"ru"},"ip":{"addr":"91.236.116.20","port":0,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"final":{"url":{"schema":"https","addr":"kra4-2.cc/?ref=kra44.cc\u0026shop2go=/","fqdn":"kra4-2.cc","domain":"kra4-2.cc","tld":"cc"},"title":"Captcha","dom":{"size":19593,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (15329)","md5":"75b2478591da6ece91b1cd9f34d5a7e5","sha1":"5514c92dea470f4418c722abe1b5dfc5de13057f","sha256":"47cb8033845550cde48b6a0aeec6da9eaefb5dcd45838a7b8ddf4ef12f9e348d","sha512":"604d58b8757de4f693ca02e7d64f802da0e1330b812083222997ccf1b80d7bf1db9e05f27ac253779f82af10e2bb4db468e8ae514d4964f89bfdcdcc800e0ecc","ssdeep":"384:CdnR6oCu0H4KanAYgMoSiQzmVYnRPXpKoS8Fx:S0Hon4VgxXpKoS8Fx","tlshash":"5492af1668970cd1bd40e86cbb4f74565e8de0339206ec283a5d67e4cfc66786a73b8c","dom_hash":"domhash5f62e83d5172dd86b6296fe9caabd934","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"moscowwebstudio.ru/kraken-market-plejs.html","fqdn":"moscowwebstudio.ru","domain":"moscowwebstudio.ru","tld":"ru"},"ip":{"addr":"91.236.116.20","port":0,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-12T02:33:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"moscowwebstudio.ru","ip":{"addr":"91.236.116.20","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2023-08-30","domain_rank":4010403,"first_seen":"2018-12-05T17:23:19Z","last_seen":"2025-10-29T05:52:01.827453Z","alert_count":0,"request_count":5,"received_data":52344,"sent_data":2539,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kra4-2.cc","ip":{"addr":"193.105.134.33","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2025-10-15","domain_rank":0,"first_seen":"2025-10-28T16:52:17.089828Z","last_seen":"2025-11-04T18:54:59.679025Z","alert_count":8,"request_count":4,"received_data":154568,"sent_data":7146,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-02T22:12:57.589972Z","alert_count":0,"request_count":1,"received_data":10794,"sent_data":468,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-02T22:12:55.494707Z","alert_count":0,"request_count":2,"received_data":68922,"sent_data":1101,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"moscowwebstudio.ru/kraken-market-plejs.html","fqdn":"moscowwebstudio.ru","domain":"moscowwebstudio.ru","tld":"ru"},"ip":{"addr":"91.236.116.20","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"d7da5e1670e111c4885539b9546ca077","sha1":"a60a3e55f418d02ebe552320a825cb7a1b1ad8c1","sha256":"27fde71158751aa3bb5abbd5af119e80a237be11c949a99eb04a878c6c44a31b","sha512":"ff3282464ba084e59fb7a743c147f39f5bb8c837251eb463bfec34eb74a11358197f56084bb3145c2ac8a68bdaf5af8cadf603cb57636bbe2f8ee1fb526e6d81","ssdeep":"","tlshash":"4a11b57d71360c78846b302ad8eaf38c3e715cebf8482670642c0c552cd0a16639aede","size":1063,"data":"","first_seen":"2025-10-28T16:52:23.980956Z","last_seen":"2025-11-07T18:36:06.469221Z","times_seen":129,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"moscowwebstudio.ru/kraken-market-plejs.html","fqdn":"moscowwebstudio.ru","domain":"moscowwebstudio.ru","tld":"ru"},"ip":{"addr":"91.236.116.20","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-07T02:33:12.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moscowwebstudio.ru","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 21:19:46 GMT","end":"Mon, 26 Jan 2026 21:19:45 GMT"},"fingerprint":{"sha1":"F4:93:0E:DF:06:D0:CD:37:19:63:E4:45:24:76:93:0C:2E:5A:16:21","sha256":"EE:3A:AB:F3:79:66:62:B0:DE:FF:49:3F:6F:CE:FD:43:9F:07:40:DA:87:B1:37:21:28:DB:0B:67:33:81:5B:60"}}},"request":{"raw":"GET /kraken-market-plejs.html HTTP/1.1\r\nHost: moscowwebstudio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 07 Nov 2025 02:33:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44613,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (15784), with CRLF line terminators","md5":"f7e4581ecbdbf9a4de0ba7187575fca7","sha1":"51088729da185e6c58c0b3272ecbb5b84b42bc91","sha256":"de475b5b5ea0e6c97173e5c38db4af5e1977f28ae92ff8a238d42d07786ec62d","sha512":"9d1aa906a035a8843b0e5b7726f4a96c58e1757aeb1af8e8e56d72334d73c22a68a03ec2c4de9428d7d6de580a90a16e5573fc40f8e6d7f0c734debbe9f792d7","ssdeep":"768:e2+az7+jcVgmLhQ/LvOHkZrjmIqYC5NkDtdg2L04cp9fMxs4WKmPsRb9:F+az7LVMokBqIg5Nwdg2L04m9fws4WKN","tlshash":"2313b821929a359a1201f056dd087a09beda44ff7fa7521235ac3cbf3bf2134c66a359","first_seen":"2025-11-07T02:33:36.095655Z","last_seen":"2025-11-07T02:33:36.095655Z","times_seen":1,"resource_available":false,"data":null}},"time_used":595,"timings":{"blocked":106,"dns":21,"connect":8,"send":0,"wait":355,"receive":28,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"moscowwebstudio.ru/templates/KRAKEN_CAP/styles/style.css","fqdn":"moscowwebstudio.ru","domain":"moscowwebstudio.ru","tld":"ru"},"ip":{"addr":"91.236.116.20","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://moscowwebstudio.ru/kraken-market-plejs.html","date":"2025-11-07T02:33:13.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moscowwebstudio.ru","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 21:19:46 GMT","end":"Mon, 26 Jan 2026 21:19:45 GMT"},"fingerprint":{"sha1":"F4:93:0E:DF:06:D0:CD:37:19:63:E4:45:24:76:93:0C:2E:5A:16:21","sha256":"EE:3A:AB:F3:79:66:62:B0:DE:FF:49:3F:6F:CE:FD:43:9F:07:40:DA:87:B1:37:21:28:DB:0B:67:33:81:5B:60"}}},"request":{"raw":"GET /templates/KRAKEN_CAP/styles/style.css HTTP/1.1\r\nHost: moscowwebstudio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moscowwebstudio.ru/kraken-market-plejs.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 07 Nov 2025 02:33:13 GMT\r\nContent-Type: text/css; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nEtag: W/2582392313\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7386,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"e64a2c9536d74438497f49d7546dd238","sha1":"72f60e5616ce747a758e77056b1e9f35d5caf1fb","sha256":"b5f2f5b8acc41af5d1e493354718795990ecd36bfa05e02471546976c4c71b7e","sha512":"6fbb19853c1eea122f4ed7bffa1fbb138179897b343006a20c328f18cad24803381d10d62103218977a67154fb4f8bd0c133718729230d7ff54e7d41f31d95b4","ssdeep":"192:hVvIgYSG+I1dzTMsD7eLJu5f7wJCs52obc1pfutK:v+fP","tlshash":"2ee1bc49a6052005a2b3a97cbbb20b14eb6544635b8b91f979ec9348cff907942a1fdc","first_seen":"2023-07-05T20:50:20Z","last_seen":"2026-03-19T12:19:34.881959Z","times_seen":746,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"moscowwebstudio.ru/PARSE/DATA/IMAGES/37366893761_kraken-rabochee-zerkalo-kraken-ssylka-onion.jpg","fqdn":"moscowwebstudio.ru","domain":"moscowwebstudio.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://moscowwebstudio.ru/kraken-market-plejs.html","date":"2025-11-07T02:33:13.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moscowwebstudio.ru","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 21:19:46 GMT","end":"Mon, 26 Jan 2026 21:19:45 GMT"},"fingerprint":{"sha1":"F4:93:0E:DF:06:D0:CD:37:19:63:E4:45:24:76:93:0C:2E:5A:16:21","sha256":"EE:3A:AB:F3:79:66:62:B0:DE:FF:49:3F:6F:CE:FD:43:9F:07:40:DA:87:B1:37:21:28:DB:0B:67:33:81:5B:60"}}},"request":{"raw":"GET /PARSE/DATA/IMAGES/37366893761_kraken-rabochee-zerkalo-kraken-ssylka-onion.jpg HTTP/1.1\r\nHost: moscowwebstudio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moscowwebstudio.ru/kraken-market-plejs.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":686,"timings":{"blocked":341,"dns":1,"connect":8,"send":0,"wait":0,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra4-2.cc/?ref=kra44.cc\u0026shop2go=/","fqdn":"kra4-2.cc","domain":"kra4-2.cc","tld":"cc"},"ip":{"addr":"193.105.134.33","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-07T02:33:14.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra4-2.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:17:29 GMT","end":"Wed, 14 Jan 2026 11:17:28 GMT"},"fingerprint":{"sha1":"EF:08:79:26:85:98:F5:B8:5A:58:83:86:6E:AD:AA:95:D3:B5:50:F7","sha256":"BE:BA:81:86:50:C2:57:AB:9B:DA:70:B3:ED:19:88:3F:45:29:C7:94:4E:3B:61:2B:48:B6:B1:D6:CA:01:BD:C1"}}},"request":{"raw":"GET /?ref=kra44.cc\u0026shop2go=/ HTTP/1.1\r\nHost: kra4-2.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://moscowwebstudio.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: kraken_pm=MTc2MjQ4Mjc5NHxEWDhFQVFMX2dBQUJFQUVRQUFELUEzYl9nQUFNQm5OMGNtbHVad3dRQUE1elpYTnphVzl1WDNOMFlYUjFjd1p6ZEhKcGJtY01CZ0FFZEhKMVpRWnpkSEpwYm1jTUVBQU9jMlZ6YzJsdmJsOWpiMjlyYVdVR2MzUnlhVzVuRFA0Qk93RC1BVGRqWmw5amJHVmhjbUZ1WTJVOUxsQkNkRzB5YzBaU01YaDZMbGxrTGs4MlUyNHhZbkJEUld4R05qZDRUbkJpUWpGNlVXVjNOSGxyUVMweE56WXlORGd4TXpjMkxURXVNaTR4TGpFdFpERkRaRk5LY0RJM2JrUnpPRVZvT1RKM1VrazNYMWhsUjI0MFJrdDROekE0Wkhsa05Ya3dWbFpHWkZSb2RFUkxjMVl4WkZabVIyWXhOM3BZUm0xb1JDNU5ZbFZsYUdkWFRHTlhWM0JEVjJGTlNGOVNWR0Z4TURWQ1ZVSlJiM1pDV0VsbmVETmtWa0ozVVZac05YbEpOV2xuYjJKVWNFUlhWRlZrZUc5amVqTktWVkJWVVhocFdEUmhVa015WTNwVGIwdEVSeTVQT0haMVlWbHNOSGx0Y1ZkcFdtVjBhWGRNTXpCaWRXOWtXbWxPUm1NdVdFdEJSWGR4YUV4MUxqSlRTMVZPTlRsamVtaHlVVmhhYkZKSlZrWkZVelpHVjFwUVVGTlJiREp3WDBORFdUSmhOak5RWjNBd2F3WnpkSEpwYm1jTUNBQUdjSFZ5Y0d4bEJuTjBjbWx1Wnd3R0FBUjBjblZsQm5OMGNtbHVad3dKQUFkamIyOXJhV1Z6Qm5OMGNtbHVad3dYQUJWelpYSjJaWEk5T3lCallYQjBZMmhoWDNWcFpEMEdjM1J5YVc1bkRBa0FCMkpoYkdGdVkyVURhVzUwQkFJQUFBWnpkSEpwYm1jTUJ3QUZjMmh2Y0hNRGFXNTBCQUlBQUFaemRISnBibWNNRHdBTmMyVnpjMmx2Ymw5d2NtOTRlUVp6ZEhKcGJtY01IUUFiYzI5amEzTTFPaTh2TkRVdU9EZ3VOemN1TWpReU9qRXdNVGt3Qm5OMGNtbHVad3dQQUExelpYTnphVzl1WDJsdVpHVjRCbk4wY21sdVp3d0ZBQU14T0RnR2MzUnlhVzVuREJNQUVYTmxjM05wYjI1ZmRYTmxjbUZuWlc1MEJuTjBjbWx1Wnd4eEFHOU5iM3BwYkd4aEx6VXVNQ0FvVjJsdVpHOTNjeUJPVkNBeE1DNHdPeUJYYVc0Mk5Ec2dlRFkwS1NCQmNIQnNaVmRsWWt0cGRDODFNemN1TXpZZ0tFdElWRTFNTENCc2FXdGxJRWRsWTJ0dktTQkRhSEp2YldVdk1UUXdMakF1TUM0d0lGTmhabUZ5YVM4MU16Y3VNellHYzNSeWFXNW5EQVlBQkd4cGJtc0djM1J5YVc1bkRCb0FHR2gwZEhCek9pOHZZMkZ3ZEdOb1lTNXJjbUUwTkM1all3WnpkSEpwYm1jTUJnQUVjR0ZuWlFaemRISnBibWNNQ1FBSFkyRndkR05vWVFaemRISnBibWNNQ1FBSGMzUmxZV3hsY2dOcGJuUUVBZ0FBfAqG7FupTGhk-yPkLSrrOjs6dvbFNrDtj8u3BQu89rUu\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 07 Nov 2025 02:33:14 GMT\r\nContent-Type: text/html;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCf-Cache-Status: DYNAMIC\r\nCf-Ray: 99a96cb95d059ffe-AMS\r\nContent-Language: en-US\r\nNel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=rCZaPpe2kw2ddwZV7hncl1TWqVLjdiqwiVtUyXnA9wf%2BZEpZe3NvurfB150LC1WVy%2BeAmRhy00xj0HpbNyI4rbAprCSlQexh0Bp%2Fmwf7AoU6SvRdNFqQxliq9pJht0By%2F4cEPspCjv1BGrXUTiI%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nServer-Timing: cfL4;desc=\"?proto=TCP\u0026rtt=1349\u0026min_rtt=1346\u0026rtt_var=383\u0026sent=6\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=3288\u0026recv_bytes=1600\u0026delivery_rate=2951824\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=5323e9b2f3cdbb21\u0026ts=204\u0026x=0\"\r\nSet-Cookie: kraken_pm=MTc2MjQ4Mjc5NHxEWDhFQVFMX2dBQUJFQUVRQUFELUEzYl9nQUFNQm5OMGNtbHVad3dQQUExelpYTnphVzl1WDNCeWIzaDVCbk4wY21sdVp3d2RBQnR6YjJOcmN6VTZMeTgwTlM0NE9DNDNOeTR5TkRJNk1UQXhPVEFHYzNSeWFXNW5EQkFBRG5ObGMzTnBiMjVmWTI5dmEybGxCbk4wY21sdVp3ei1BVHNBX2dFM1kyWmZZMnhsWVhKaGJtTmxQUzVRUW5SdE1uTkdVakY0ZWk1WlpDNVBObE51TVdKd1EwVnNSalkzZUU1d1lrSXhlbEZsZHpSNWEwRXRNVGMyTWpRNE1UTTNOaTB4TGpJdU1TNHhMV1F4UTJSVFNuQXlOMjVFY3poRmFEa3lkMUpKTjE5WVpVZHVORVpMZURjd09HUjVaRFY1TUZaV1JtUlVhSFJFUzNOV01XUldaa2RtTVRkNldFWnRhRVF1VFdKVlpXaG5WMHhqVjFkd1ExZGhUVWhmVWxSaGNUQTFRbFZDVVc5MlFsaEpaM2d6WkZaQ2QxRldiRFY1U1RWcFoyOWlWSEJFVjFSVlpIaHZZM296U2xWUVZWRjRhVmcwWVZKRE1tTjZVMjlMUkVjdVR6aDJkV0ZaYkRSNWJYRlhhVnBsZEdsM1RETXdZblZ2WkZwcFRrWmpMbGhMUVVWM2NXaE1kUzR5VTB0VlRqVTVZM3BvY2xGWVdteFNTVlpHUlZNMlJsZGFVRkJUVVd3eWNGOURRMWt5WVRZelVHZHdNR3NHYzNSeWFXNW5EQWdBQm5CMWNuQnNaUVp6ZEhKcGJtY01CZ0FFZEhKMVpRWnpkSEpwYm1jTUNRQUhZbUZzWVc1alpRTnBiblFFQWdBQUJuTjBjbWx1Wnd3UEFBMXpaWE56YVc5dVgybHVaR1Y0Qm5OMGNtbHVad3dGQUFNeE9EZ0djM1J5YVc1bkRCTUFFWE5sYzNOcGIyNWZkWE5sY21GblpXNTBCbk4wY21sdVp3eHhBRzlOYjNwcGJHeGhMelV1TUNBb1YybHVaRzkzY3lCT1ZDQXhNQzR3T3lCWGFXNDJORHNnZURZMEtTQkJjSEJzWlZkbFlrdHBkQzgxTXpjdU16WWdLRXRJVkUxTUxDQnNhV3RsSUVkbFkydHZLU0JEYUhKdmJXVXZNVFF3TGpBdU1DNHdJRk5oWm1GeWFTODFNemN1TXpZR2MzUnlhVzVuREFZQUJHeHBibXNHYzNSeWFXNW5EQm9BR0doMGRIQnpPaTh2WTJGd2RHTm9ZUzVyY21FME5DNWpZd1p6ZEhKcGJtY01CZ0FFY0dGblpRWnpkSEpwYm1jTUNRQUhZMkZ3ZEdOb1lRWnpkSEpwYm1jTUNRQUhjM1JsWVd4bGNnTnBiblFFQWdBQUJuTjBjbWx1Wnd3UUFBNXpaWE56YVc5dVgzTjBZWFIxY3daemRISnBibWNNQmdBRWRISjFaUVp6ZEhKcGJtY01DUUFIWTI5dmEybGxjd1p6ZEhKcGJtY01Gd0FWYzJWeWRtVnlQVHNnWTJGd2RHTm9ZVjkxYVdROUJuTjBjbWx1Wnd3SEFBVnphRzl3Y3dOcGJuUUVBZ0FBfB5-hMFz1hq3oM1-DAO4C-z6ADJnp_HbytDVzDl1jsU3; Path=/; Expires=Sun, 07 Dec 2025 02:33:14 GMT; Max-Age=2592000; Secure; SameSite=None\nkraken_pm=MTc2MjQ4Mjc5NHxEWDhFQVFMX2dBQUJFQUVRQUFELUE1el9nQUFNQm5OMGNtbHVad3dKQUFkamIyOXJhV1Z6Qm5OMGNtbHVad3c5QUR0elpYSjJaWEpmYVdROVkzTnlkbDh4TkRzZ2RYTmxjbDlwWkQwN0lITmxjblpsY2owN0lHTmhjSFJqYUdGZmRXbGtQVHNnY205MWRHVTlNd1p6ZEhKcGJtY01Cd0FGYzJodmNITURhVzUwQkFJQUFBWnpkSEpwYm1jTUR3QU5jMlZ6YzJsdmJsOXdjbTk0ZVFaemRISnBibWNNSFFBYmMyOWphM00xT2k4dk5EVXVPRGd1TnpjdU1qUXlPakV3TVRrd0JuTjBjbWx1Wnd3UUFBNXpaWE56YVc5dVgyTnZiMnRwWlFaemRISnBibWNNX2dFN0FQNEJOMk5tWDJOc1pXRnlZVzVqWlQwdVVFSjBiVEp6UmxJeGVIb3VXV1F1VHpaVGJqRmljRU5GYkVZMk4zaE9jR0pDTVhwUlpYYzBlV3RCTFRFM05qSTBPREV6TnpZdE1TNHlMakV1TVMxa01VTmtVMHB3TWpkdVJITTRSV2c1TW5kU1NUZGZXR1ZIYmpSR1MzZzNNRGhrZVdRMWVUQldWa1prVkdoMFJFdHpWakZrVm1aSFpqRTNlbGhHYldoRUxrMWlWV1ZvWjFkTVkxZFhjRU5YWVUxSVgxSlVZWEV3TlVKVlFsRnZka0pZU1dkNE0yUldRbmRSVm13MWVVazFhV2R2WWxSd1JGZFVWV1I0YjJONk0wcFZVRlZSZUdsWU5HRlNRekpqZWxOdlMwUkhMazg0ZG5WaFdXdzBlVzF4VjJsYVpYUnBkMHd6TUdKMWIyUmFhVTVHWXk1WVMwRkZkM0ZvVEhVdU1sTkxWVTQxT1dONmFISlJXRnBzVWtsV1JrVlROa1pYV2xCUVUxRnNNbkJmUTBOWk1tRTJNMUJuY0RCckJuTjBjbWx1Wnd3SUFBWndkWEp3YkdVR2MzUnlhVzVuREFZQUJIUnlkV1VHYzNSeWFXNW5EQWtBQjJKaGJHRnVZMlVEYVc1MEJBSUFBQVp6ZEhKcGJtY01Ed0FOYzJWemMybHZibDlwYm1SbGVBWnpkSEpwYm1jTUJRQURNVGc0Qm5OMGNtbHVad3dUQUJGelpYTnphVzl1WDNWelpYSmhaMlZ1ZEFaemRISnBibWNNY1FCdlRXOTZhV3hzWVM4MUxqQWdLRmRwYm1SdmQzTWdUbFFnTVRBdU1Ec2dWMmx1TmpRN0lIZzJOQ2tnUVhCd2JHVlhaV0pMYVhRdk5UTTNMak0ySUNoTFNGUk5UQ3dnYkdsclpTQkhaV05yYnlrZ1EyaHliMjFsTHpFME1DNHdMakF1TUNCVFlXWmhjbWt2TlRNM0xqTTJCbk4wY21sdVp3d0dBQVJzYVc1ckJuTjBjbWx1Wnd3YUFCaG9kSFJ3Y3pvdkwyTmhjSFJqYUdFdWEzSmhORFF1WTJNR2MzUnlhVzVuREFZQUJIQmhaMlVHYzNSeWFXNW5EQWtBQjJOaGNIUmphR0VHYzNSeWFXNW5EQWtBQjNOMFpXRnNaWElEYVc1MEJBSUFBQVp6ZEhKcGJtY01FQUFPYzJWemMybHZibDl6ZEdGMGRYTUdjM1J5YVc1bkRBWUFCSFJ5ZFdVPXzkBkkXLSW-9zC3Wq4MiBpBjubVQS9xEpR6zNa0Rya7kw==; Path=/; Expires=Sun, 07 Dec 2025 02:33:14 GMT; Max-Age=2592000; Secure; SameSite=None\r\nVary: accept-encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19603,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (15330)","md5":"450571f6cdb9bc050f6eed3d31cdb4b6","sha1":"ff2c223d50e567a7dc128c00a9537533bd3d3124","sha256":"cb6fc755de3c1e1ea29b3bcac3b517a74d63a7d8319a7ef994903c0f24af7482","sha512":"ef42121f35dcc505951627184a6aba7efc344eebc22539ed272abacfd3ac57b694e31e978fbd10a15da0346b9dde0d56915f8bcad34e116b943e5bb1f7fd426c","ssdeep":"384:8QnR6oCu0H4KanAYgMoSiQzmVYnRPXpKh8JFc:90Hon4VgxXpKh8JFc","tlshash":"cd92bf1628970cd17d40e86cbb4fb4165e4de0339206ec283a5d67e4cfc66786ab3b8c","first_seen":"2025-11-07T02:33:36.097857Z","last_seen":"2025-11-07T02:33:36.097857Z","times_seen":1,"resource_available":false,"data":null}},"time_used":608,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":607,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra4-2.cc/css/normalize.css","fqdn":"kra4-2.cc","domain":"kra4-2.cc","tld":"cc"},"ip":{"addr":"193.105.134.33","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kra4-2.cc/?ref=kra44.cc\u0026shop2go=/","date":"2025-11-07T02:33:14.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra4-2.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:17:29 GMT","end":"Wed, 14 Jan 2026 11:17:28 GMT"},"fingerprint":{"sha1":"EF:08:79:26:85:98:F5:B8:5A:58:83:86:6E:AD:AA:95:D3:B5:50:F7","sha256":"BE:BA:81:86:50:C2:57:AB:9B:DA:70:B3:ED:19:88:3F:45:29:C7:94:4E:3B:61:2B:48:B6:B1:D6:CA:01:BD:C1"}}},"request":{"raw":"GET /css/normalize.css HTTP/1.1\r\nHost: kra4-2.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra4-2.cc/?ref=kra44.cc\u0026shop2go=/\r\nCookie: kraken_pm=MTc2MjQ4Mjc5NHxEWDhFQVFMX2dBQUJFQUVRQUFELUE1el9nQUFNQm5OMGNtbHVad3dKQUFkamIyOXJhV1Z6Qm5OMGNtbHVad3c5QUR0elpYSjJaWEpmYVdROVkzTnlkbDh4TkRzZ2RYTmxjbDlwWkQwN0lITmxjblpsY2owN0lHTmhjSFJqYUdGZmRXbGtQVHNnY205MWRHVTlNd1p6ZEhKcGJtY01Cd0FGYzJodmNITURhVzUwQkFJQUFBWnpkSEpwYm1jTUR3QU5jMlZ6YzJsdmJsOXdjbTk0ZVFaemRISnBibWNNSFFBYmMyOWphM00xT2k4dk5EVXVPRGd1TnpjdU1qUXlPakV3TVRrd0JuTjBjbWx1Wnd3UUFBNXpaWE56YVc5dVgyTnZiMnRwWlFaemRISnBibWNNX2dFN0FQNEJOMk5tWDJOc1pXRnlZVzVqWlQwdVVFSjBiVEp6UmxJeGVIb3VXV1F1VHpaVGJqRmljRU5GYkVZMk4zaE9jR0pDTVhwUlpYYzBlV3RCTFRFM05qSTBPREV6TnpZdE1TNHlMakV1TVMxa01VTmtVMHB3TWpkdVJITTRSV2c1TW5kU1NUZGZXR1ZIYmpSR1MzZzNNRGhrZVdRMWVUQldWa1prVkdoMFJFdHpWakZrVm1aSFpqRTNlbGhHYldoRUxrMWlWV1ZvWjFkTVkxZFhjRU5YWVUxSVgxSlVZWEV3TlVKVlFsRnZka0pZU1dkNE0yUldRbmRSVm13MWVVazFhV2R2WWxSd1JGZFVWV1I0YjJONk0wcFZVRlZSZUdsWU5HRlNRekpqZWxOdlMwUkhMazg0ZG5WaFdXdzBlVzF4VjJsYVpYUnBkMHd6TUdKMWIyUmFhVTVHWXk1WVMwRkZkM0ZvVEhVdU1sTkxWVTQxT1dONmFISlJXRnBzVWtsV1JrVlROa1pYV2xCUVUxRnNNbkJmUTBOWk1tRTJNMUJuY0RCckJuTjBjbWx1Wnd3SUFBWndkWEp3YkdVR2MzUnlhVzVuREFZQUJIUnlkV1VHYzNSeWFXNW5EQWtBQjJKaGJHRnVZMlVEYVc1MEJBSUFBQVp6ZEhKcGJtY01Ed0FOYzJWemMybHZibDlwYm1SbGVBWnpkSEpwYm1jTUJRQURNVGc0Qm5OMGNtbHVad3dUQUJGelpYTnphVzl1WDNWelpYSmhaMlZ1ZEFaemRISnBibWNNY1FCdlRXOTZhV3hzWVM4MUxqQWdLRmRwYm1SdmQzTWdUbFFnTVRBdU1Ec2dWMmx1TmpRN0lIZzJOQ2tnUVhCd2JHVlhaV0pMYVhRdk5UTTNMak0ySUNoTFNGUk5UQ3dnYkdsclpTQkhaV05yYnlrZ1EyaHliMjFsTHpFME1DNHdMakF1TUNCVFlXWmhjbWt2TlRNM0xqTTJCbk4wY21sdVp3d0dBQVJzYVc1ckJuTjBjbWx1Wnd3YUFCaG9kSFJ3Y3pvdkwyTmhjSFJqYUdFdWEzSmhORFF1WTJNR2MzUnlhVzVuREFZQUJIQmhaMlVHYzNSeWFXNW5EQWtBQjJOaGNIUmphR0VHYzNSeWFXNW5EQWtBQjNOMFpXRnNaWElEYVc1MEJBSUFBQVp6ZEhKcGJtY01FQUFPYzJWemMybHZibDl6ZEdGMGRYTUdjM1J5YVc1bkRBWUFCSFJ5ZFdVPXzkBkkXLSW-9zC3Wq4MiBpBjubVQS9xEpR6zNa0Rya7kw==\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 07 Nov 2025 02:33:14 GMT\r\nContent-Type: text/css; charset=utf-8\r\nContent-Length: 4768\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nLast-Modified: Tue, 24 Dec 2024 06:01:14 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4768,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"75fd64fc8e99dc317f41914081a03352","sha1":"97c20a567cf31b997322b3228838ae44b1394233","sha256":"db6ad8d74f75b4ec10be88cbf8dcf0134d1f63f7126accf2b375a0833aba0028","sha512":"9b8c26c9e7b3ca6fbdd5337dbbe2a6bfa06cb476355406f010cf4ea09438a406c804f5c56577e7b68b11870ee8fedb397ffd11a72ab2036c5485175779aafc99","ssdeep":"48:W3AtE0JlzWvwIpQnStqoemMHmGmRm6iRtmQmHxa9uuuma86cPBmJz9K+N3z+0hCK:/zGwIU2jMxALy63zD2s5","tlshash":"78a1df9e16022b5083324f3463979b15b72402768e4530edb8d04ab9eb96be686d0fcf","first_seen":"2024-09-22T02:59:45Z","last_seen":"2026-03-28T06:32:48.616221Z","times_seen":194,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra4-2.cc/favicon.ico","fqdn":"kra4-2.cc","domain":"kra4-2.cc","tld":"cc"},"ip":{"addr":"193.105.134.33","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra4-2.cc/?ref=kra44.cc\u0026shop2go=/","date":"2025-11-07T02:33:15.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra4-2.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:17:29 GMT","end":"Wed, 14 Jan 2026 11:17:28 GMT"},"fingerprint":{"sha1":"EF:08:79:26:85:98:F5:B8:5A:58:83:86:6E:AD:AA:95:D3:B5:50:F7","sha256":"BE:BA:81:86:50:C2:57:AB:9B:DA:70:B3:ED:19:88:3F:45:29:C7:94:4E:3B:61:2B:48:B6:B1:D6:CA:01:BD:C1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kra4-2.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra4-2.cc/?ref=kra44.cc\u0026shop2go=/\r\nCookie: kraken_pm=MTc2MjQ4Mjc5NHxEWDhFQVFMX2dBQUJFQUVRQUFELUE1el9nQUFNQm5OMGNtbHVad3dKQUFkamIyOXJhV1Z6Qm5OMGNtbHVad3c5QUR0elpYSjJaWEpmYVdROVkzTnlkbDh4TkRzZ2RYTmxjbDlwWkQwN0lITmxjblpsY2owN0lHTmhjSFJqYUdGZmRXbGtQVHNnY205MWRHVTlNd1p6ZEhKcGJtY01Cd0FGYzJodmNITURhVzUwQkFJQUFBWnpkSEpwYm1jTUR3QU5jMlZ6YzJsdmJsOXdjbTk0ZVFaemRISnBibWNNSFFBYmMyOWphM00xT2k4dk5EVXVPRGd1TnpjdU1qUXlPakV3TVRrd0JuTjBjbWx1Wnd3UUFBNXpaWE56YVc5dVgyTnZiMnRwWlFaemRISnBibWNNX2dFN0FQNEJOMk5tWDJOc1pXRnlZVzVqWlQwdVVFSjBiVEp6UmxJeGVIb3VXV1F1VHpaVGJqRmljRU5GYkVZMk4zaE9jR0pDTVhwUlpYYzBlV3RCTFRFM05qSTBPREV6TnpZdE1TNHlMakV1TVMxa01VTmtVMHB3TWpkdVJITTRSV2c1TW5kU1NUZGZXR1ZIYmpSR1MzZzNNRGhrZVdRMWVUQldWa1prVkdoMFJFdHpWakZrVm1aSFpqRTNlbGhHYldoRUxrMWlWV1ZvWjFkTVkxZFhjRU5YWVUxSVgxSlVZWEV3TlVKVlFsRnZka0pZU1dkNE0yUldRbmRSVm13MWVVazFhV2R2WWxSd1JGZFVWV1I0YjJONk0wcFZVRlZSZUdsWU5HRlNRekpqZWxOdlMwUkhMazg0ZG5WaFdXdzBlVzF4VjJsYVpYUnBkMHd6TUdKMWIyUmFhVTVHWXk1WVMwRkZkM0ZvVEhVdU1sTkxWVTQxT1dONmFISlJXRnBzVWtsV1JrVlROa1pYV2xCUVUxRnNNbkJmUTBOWk1tRTJNMUJuY0RCckJuTjBjbWx1Wnd3SUFBWndkWEp3YkdVR2MzUnlhVzVuREFZQUJIUnlkV1VHYzNSeWFXNW5EQWtBQjJKaGJHRnVZMlVEYVc1MEJBSUFBQVp6ZEhKcGJtY01Ed0FOYzJWemMybHZibDlwYm1SbGVBWnpkSEpwYm1jTUJRQURNVGc0Qm5OMGNtbHVad3dUQUJGelpYTnphVzl1WDNWelpYSmhaMlZ1ZEFaemRISnBibWNNY1FCdlRXOTZhV3hzWVM4MUxqQWdLRmRwYm1SdmQzTWdUbFFnTVRBdU1Ec2dWMmx1TmpRN0lIZzJOQ2tnUVhCd2JHVlhaV0pMYVhRdk5UTTNMak0ySUNoTFNGUk5UQ3dnYkdsclpTQkhaV05yYnlrZ1EyaHliMjFsTHpFME1DNHdMakF1TUNCVFlXWmhjbWt2TlRNM0xqTTJCbk4wY21sdVp3d0dBQVJzYVc1ckJuTjBjbWx1Wnd3YUFCaG9kSFJ3Y3pvdkwyTmhjSFJqYUdFdWEzSmhORFF1WTJNR2MzUnlhVzVuREFZQUJIQmhaMlVHYzNSeWFXNW5EQWtBQjJOaGNIUmphR0VHYzNSeWFXNW5EQWtBQjNOMFpXRnNaWElEYVc1MEJBSUFBQVp6ZEhKcGJtY01FQUFPYzJWemMybHZibDl6ZEdGMGRYTUdjM1J5YVc1bkRBWUFCSFJ5ZFdVPXzkBkkXLSW-9zC3Wq4MiBpBjubVQS9xEpR6zNa0Rya7kw==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 07 Nov 2025 02:33:15 GMT\r\nContent-Type: image/vnd.microsoft.icon\r\nContent-Length: 101392\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nLast-Modified: Tue, 24 Dec 2024 06:01:12 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101392,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel","md5":"43c85273b4ffd1311892b0b527407e30","sha1":"e34da69cef0622072b99bf9f865bbbb3d4bac300","sha256":"e96845bcd9e448763b3e667e7186cb25270f664a680c479cf33074dcf2aed3dd","sha512":"f282496529c943611f6dbe100c3d73764175e20ec43ad3244c53b16e6db6d5c5782bcb0baa2dd7659cfc589e2d2e609a69ebeb9c3aedc63d4ea82894b2b08b82","ssdeep":"192:1NIrfSnBw6OnFlEkEkEkEdHHHTHHHPUkU93jX9Rhkuncw+0xXz4Rv:18SnBw/YHHHTHHHE3jX97xcw+014d","tlshash":"aca35350b2d6f61ad1d876344c93ce792331ac958c175b2b32ce7f9b39f42a629093e4","first_seen":"2024-10-16T16:01:12.238269Z","last_seen":"2026-03-30T15:52:23.276858Z","times_seen":401,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":229,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"moscowwebstudio.ru/PARSE/DATA/IMAGES/38984849431_blacksprut-magazin-narkotikov.jpg","fqdn":"moscowwebstudio.ru","domain":"moscowwebstudio.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://moscowwebstudio.ru/kraken-market-plejs.html","date":"2025-11-07T02:33:13.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moscowwebstudio.ru","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 21:19:46 GMT","end":"Mon, 26 Jan 2026 21:19:45 GMT"},"fingerprint":{"sha1":"F4:93:0E:DF:06:D0:CD:37:19:63:E4:45:24:76:93:0C:2E:5A:16:21","sha256":"EE:3A:AB:F3:79:66:62:B0:DE:FF:49:3F:6F:CE:FD:43:9F:07:40:DA:87:B1:37:21:28:DB:0B:67:33:81:5B:60"}}},"request":{"raw":"GET /PARSE/DATA/IMAGES/38984849431_blacksprut-magazin-narkotikov.jpg HTTP/1.1\r\nHost: moscowwebstudio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moscowwebstudio.ru/kraken-market-plejs.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":684,"timings":{"blocked":340,"dns":1,"connect":10,"send":0,"wait":0,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"moscowwebstudio.ru/templates/KRAKEN_CAP/img/logo.webp","fqdn":"moscowwebstudio.ru","domain":"moscowwebstudio.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://moscowwebstudio.ru/kraken-market-plejs.html","date":"2025-11-07T02:33:13.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"moscowwebstudio.ru","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 21:19:46 GMT","end":"Mon, 26 Jan 2026 21:19:45 GMT"},"fingerprint":{"sha1":"F4:93:0E:DF:06:D0:CD:37:19:63:E4:45:24:76:93:0C:2E:5A:16:21","sha256":"EE:3A:AB:F3:79:66:62:B0:DE:FF:49:3F:6F:CE:FD:43:9F:07:40:DA:87:B1:37:21:28:DB:0B:67:33:81:5B:60"}}},"request":{"raw":"GET /templates/KRAKEN_CAP/img/logo.webp HTTP/1.1\r\nHost: moscowwebstudio.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moscowwebstudio.ru/kraken-market-plejs.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":687,"timings":{"blocked":339,"dns":1,"connect":8,"send":0,"wait":0,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra4-2.cc/","fqdn":"kra4-2.cc","domain":"kra4-2.cc","tld":"cc"},"ip":{"addr":"193.105.134.33","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-07T02:33:13.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra4-2.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:17:29 GMT","end":"Wed, 14 Jan 2026 11:17:28 GMT"},"fingerprint":{"sha1":"EF:08:79:26:85:98:F5:B8:5A:58:83:86:6E:AD:AA:95:D3:B5:50:F7","sha256":"BE:BA:81:86:50:C2:57:AB:9B:DA:70:B3:ED:19:88:3F:45:29:C7:94:4E:3B:61:2B:48:B6:B1:D6:CA:01:BD:C1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kra4-2.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://moscowwebstudio.ru/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Fri, 07 Nov 2025 02:33:14 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nCf-Cache-Status: DYNAMIC\r\nCf-Ray: 99a96cb67e1e6657-AMS\r\nLocation: https://kra4-2.cc/?ref=kra44.cc\u0026shop2go=/\r\nNel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=s0AdBbRdS%2BmbO3j21U62NleJ4XgAww7EUVMd0gJ%2BJSqAIQWuTa1umxZuRn3Ne2iMzJ9yDBy1SucYBz6c7WUnEqeNYPcM4Onv5MPPwDqvqCNT1yujH3%2BUXriGhq4n5lBZAD7zPnuI\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nServer-Timing: cfL4;desc=\"?proto=TCP\u0026rtt=1279\u0026min_rtt=1230\u0026rtt_var=380\u0026sent=5\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=3287\u0026recv_bytes=1572\u0026delivery_rate=3075285\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=1bb7515a1371ac64\u0026ts=118\u0026x=0\"\r\nSet-Cookie: kraken_pm=MTc2MjQ4Mjc5NHxEWDhFQVFMX2dBQUJFQUVRQUFELUEySF9nQUFNQm5OMGNtbHVad3dUQUJGelpYTnphVzl1WDNWelpYSmhaMlZ1ZEFaemRISnBibWNNY1FCdlRXOTZhV3hzWVM4MUxqQWdLRmRwYm1SdmQzTWdUbFFnTVRBdU1Ec2dWMmx1TmpRN0lIZzJOQ2tnUVhCd2JHVlhaV0pMYVhRdk5UTTNMak0ySUNoTFNGUk5UQ3dnYkdsclpTQkhaV05yYnlrZ1EyaHliMjFsTHpFME1DNHdMakF1TUNCVFlXWmhjbWt2TlRNM0xqTTJCbk4wY21sdVp3d0dBQVJzYVc1ckJuTjBjbWx1Wnd3YUFCaG9kSFJ3Y3pvdkwyTmhjSFJqYUdFdWEzSmhORFF1WTJNR2MzUnlhVzVuREFZQUJIQmhaMlVHYzNSeWFXNW5EQWtBQjJOaGNIUmphR0VHYzNSeWFXNW5EQWtBQjNOMFpXRnNaWElEYVc1MEJBSUFBQVp6ZEhKcGJtY01FQUFPYzJWemMybHZibDl6ZEdGMGRYTUdjM1J5YVc1bkRBWUFCSFJ5ZFdVR2MzUnlhVzVuREJBQURuTmxjM05wYjI1ZlkyOXZhMmxsQm5OMGNtbHVad3otQVRzQV9nRTNZMlpmWTJ4bFlYSmhibU5sUFM1UVFuUnRNbk5HVWpGNGVpNVpaQzVQTmxOdU1XSndRMFZzUmpZM2VFNXdZa0l4ZWxGbGR6UjVhMEV0TVRjMk1qUTRNVE0zTmkweExqSXVNUzR4TFdReFEyUlRTbkF5TjI1RWN6aEZhRGt5ZDFKSk4xOVlaVWR1TkVaTGVEY3dPR1I1WkRWNU1GWldSbVJVYUhSRVMzTldNV1JXWmtkbU1UZDZXRVp0YUVRdVRXSlZaV2huVjB4alYxZHdRMWRoVFVoZlVsUmhjVEExUWxWQ1VXOTJRbGhKWjNnelpGWkNkMUZXYkRWNVNUVnBaMjlpVkhCRVYxUlZaSGh2WTNvelNsVlFWVkY0YVZnMFlWSkRNbU42VTI5TFJFY3VUemgyZFdGWmJEUjViWEZYYVZwbGRHbDNURE13WW5WdlpGcHBUa1pqTGxoTFFVVjNjV2hNZFM0eVUwdFZUalU1WTNwb2NsRllXbXhTU1ZaR1JWTTJSbGRhVUZCVFVXd3ljRjlEUTFreVlUWXpVR2R3TUdzR2MzUnlhVzVuREFnQUJuQjFjbkJzWlFaemRISnBibWNNQmdBRWRISjFaUVp6ZEhKcGJtY01DUUFIWTI5dmEybGxjd1p6ZEhKcGJtY01BZ0FBQm5OMGNtbHVad3dKQUFkaVlXeGhibU5sQTJsdWRBUUNBQUFHYzNSeWFXNW5EQWNBQlhOb2IzQnpBMmx1ZEFRQ0FBQUdjM1J5YVc1bkRBOEFEWE5sYzNOcGIyNWZjSEp2ZUhrR2MzUnlhVzVuREIwQUczTnZZMnR6TlRvdkx6UTFMamc0TGpjM0xqSTBNam94TURFNU1BWnpkSEpwYm1jTUR3QU5jMlZ6YzJsdmJsOXBibVJsZUFaemRISnBibWNNQlFBRE1UZzR8dg2NaSVC3roLuSQlpy9PCcFnYmhQ9N-pktQOC5dKO1A=; Path=/; Expires=Sun, 07 Dec 2025 02:33:14 GMT; Max-Age=2592000; Secure; SameSite=None\nkraken_pm=MTc2MjQ4Mjc5NHxEWDhFQVFMX2dBQUJFQUVRQUFELUEzYl9nQUFNQm5OMGNtbHVad3dRQUE1elpYTnphVzl1WDNOMFlYUjFjd1p6ZEhKcGJtY01CZ0FFZEhKMVpRWnpkSEpwYm1jTUVBQU9jMlZ6YzJsdmJsOWpiMjlyYVdVR2MzUnlhVzVuRFA0Qk93RC1BVGRqWmw5amJHVmhjbUZ1WTJVOUxsQkNkRzB5YzBaU01YaDZMbGxrTGs4MlUyNHhZbkJEUld4R05qZDRUbkJpUWpGNlVXVjNOSGxyUVMweE56WXlORGd4TXpjMkxURXVNaTR4TGpFdFpERkRaRk5LY0RJM2JrUnpPRVZvT1RKM1VrazNYMWhsUjI0MFJrdDROekE0Wkhsa05Ya3dWbFpHWkZSb2RFUkxjMVl4WkZabVIyWXhOM3BZUm0xb1JDNU5ZbFZsYUdkWFRHTlhWM0JEVjJGTlNGOVNWR0Z4TURWQ1ZVSlJiM1pDV0VsbmVETmtWa0ozVVZac05YbEpOV2xuYjJKVWNFUlhWRlZrZUc5amVqTktWVkJWVVhocFdEUmhVa015WTNwVGIwdEVSeTVQT0haMVlWbHNOSGx0Y1ZkcFdtVjBhWGRNTXpCaWRXOWtXbWxPUm1NdVdFdEJSWGR4YUV4MUxqSlRTMVZPTlRsamVtaHlVVmhhYkZKSlZrWkZVelpHVjFwUVVGTlJiREp3WDBORFdUSmhOak5RWjNBd2F3WnpkSEpwYm1jTUNBQUdjSFZ5Y0d4bEJuTjBjbWx1Wnd3R0FBUjBjblZsQm5OMGNtbHVad3dKQUFkamIyOXJhV1Z6Qm5OMGNtbHVad3dYQUJWelpYSjJaWEk5T3lCallYQjBZMmhoWDNWcFpEMEdjM1J5YVc1bkRBa0FCMkpoYkdGdVkyVURhVzUwQkFJQUFBWnpkSEpwYm1jTUJ3QUZjMmh2Y0hNRGFXNTBCQUlBQUFaemRISnBibWNNRHdBTmMyVnpjMmx2Ymw5d2NtOTRlUVp6ZEhKcGJtY01IUUFiYzI5amEzTTFPaTh2TkRVdU9EZ3VOemN1TWpReU9qRXdNVGt3Qm5OMGNtbHVad3dQQUExelpYTnphVzl1WDJsdVpHVjRCbk4wY21sdVp3d0ZBQU14T0RnR2MzUnlhVzVuREJNQUVYTmxjM05wYjI1ZmRYTmxjbUZuWlc1MEJuTjBjbWx1Wnd4eEFHOU5iM3BwYkd4aEx6VXVNQ0FvVjJsdVpHOTNjeUJPVkNBeE1DNHdPeUJYYVc0Mk5Ec2dlRFkwS1NCQmNIQnNaVmRsWWt0cGRDODFNemN1TXpZZ0tFdElWRTFNTENCc2FXdGxJRWRsWTJ0dktTQkRhSEp2YldVdk1UUXdMakF1TUM0d0lGTmhabUZ5YVM4MU16Y3VNellHYzNSeWFXNW5EQVlBQkd4cGJtc0djM1J5YVc1bkRCb0FHR2gwZEhCek9pOHZZMkZ3ZEdOb1lTNXJjbUUwTkM1all3WnpkSEpwYm1jTUJnQUVjR0ZuWlFaemRISnBibWNNQ1FBSFkyRndkR05vWVFaemRISnBibWNNQ1FBSGMzUmxZV3hsY2dOcGJuUUVBZ0FBfAqG7FupTGhk-yPkLSrrOjs6dvbFNrDtj8u3BQu89rUu; Path=/; Expires=Sun, 07 Dec 2025 02:33:14 GMT; Max-Age=2592000; Secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19603,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":590,"timings":{"blocked":42,"dns":20,"connect":8,"send":0,"wait":498,"receive":1,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"kra4-2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@300;400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kra4-2.cc/?ref=kra44.cc\u0026shop2go=/","date":"2025-11-07T02:33:14.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 08:38:51 GMT","end":"Mon, 05 Jan 2026 08:38:50 GMT"},"fingerprint":{"sha1":"1D:8E:3A:85:91:AC:63:71:94:8B:0E:61:45:34:D9:86:AB:A6:E2:CE","sha256":"E6:93:4E:53:89:15:41:28:27:59:AA:84:50:96:96:1E:2A:98:7E:08:60:AE:68:62:AE:DD:86:AB:DB:0F:FE:2B"}}},"request":{"raw":"GET /css2?family=Inter:wght@300;400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra4-2.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 07 Nov 2025 02:33:15 GMT\r\ndate: Fri, 07 Nov 2025 02:33:15 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"1be305145d51ecbeb52ba67f2208dea9","sha1":"6f97fc00e9d6771004cb17d53c7ff7d62011e78e","sha256":"5fb68a19bfedc1331144c73515b5cc021af26ac8605c62e73a31771a0e19ee62","sha512":"b3a73238231bbeeaf01907f0e3a78d4221d24b50de71345c66a6d6a4ff6afb5fd8d88b242a57ba35d37f0466edc6d3a19c7e02dfd4563d2ee565ca2cc06182c6","ssdeep":"192:wNA1cO3lnxirNNIxO34OxDENOPCO3/Nx8ONEhYO3RrxGx:8KYXuM1+4","tlshash":"dd227792002ba400ab971dc233cf7f3aaece10896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-11T03:25:11.707221Z","last_seen":"2026-04-03T13:15:10.196452Z","times_seen":3357,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":110,"dns":1,"connect":20,"send":0,"wait":31,"receive":0,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7W0I5nvwUgHU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra4-2.cc/?ref=kra44.cc\u0026shop2go=/","date":"2025-11-07T02:33:15.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 08:38:51 GMT","end":"Mon, 05 Jan 2026 08:38:50 GMT"},"fingerprint":{"sha1":"89:73:B0:EF:F1:BA:6A:DA:6C:2C:87:70:0D:17:11:82:30:E9:13:68","sha256":"96:8D:5D:62:3A:3A:D6:CD:06:9A:CE:52:F4:2D:91:F9:66:13:40:F4:5F:9B:88:3D:55:04:79:E3:14:96:51:FA"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7W0I5nvwUgHU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra4-2.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 18720\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 04 Nov 2025 23:38:31 GMT\r\nexpires: Wed, 04 Nov 2026 23:38:31 GMT\r\ncache-control: public, max-age=31536000\r\nage: 183284\r\nlast-modified: Tue, 09 Sep 2025 18:30:42 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18720,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18720, version 1.0","md5":"2c753ee2983cf76ffeefa20db25a70c3","sha1":"13e20767faf339db1eb3b75b329e00f6d1b483fe","sha256":"28d124cbfadb7765f74a5688577c956ea3dd70f585b4645b2dc132742cd4c319","sha512":"0c9d6b356984e0f502a4a7ed99aef38621a53a580ceab2f1cb3f4f8d923f295891db0aac9eb2563541369a517e53def5b883a846eac8e138c169cd913044c8d7","ssdeep":"384:bNd6oCG7QqLLDPkev3w0zjoO9ETU1yZHG+2EuEn3iQ4:ZwozcqLLDM8Xf9ETU1yIzEuE3il","tlshash":"8982d0c11485e23c8e7c9ebb6a54f2b3acdb1238fed4371437127796504845b947a8bb","first_seen":"2025-09-10T18:13:11.027375Z","last_seen":"2026-04-03T18:30:02.693293Z","times_seen":7531,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":112,"dns":1,"connect":20,"send":0,"wait":8,"receive":2,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra4-2.cc/?ref=kra44.cc\u0026shop2go=/","date":"2025-11-07T02:33:15.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 08:38:51 GMT","end":"Mon, 05 Jan 2026 08:38:50 GMT"},"fingerprint":{"sha1":"89:73:B0:EF:F1:BA:6A:DA:6C:2C:87:70:0D:17:11:82:30:E9:13:68","sha256":"96:8D:5D:62:3A:3A:D6:CD:06:9A:CE:52:F4:2D:91:F9:66:13:40:F4:5F:9B:88:3D:55:04:79:E3:14:96:51:FA"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra4-2.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 04 Nov 2025 23:36:13 GMT\r\nexpires: Wed, 04 Nov 2026 23:36:13 GMT\r\ncache-control: public, max-age=31536000\r\nage: 183422\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-03T18:31:09.417401Z","times_seen":132553,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":68,"dns":1,"connect":7,"send":0,"wait":8,"receive":11,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}