{"report_id":"4dabe289-afd0-4fec-bb7d-a14914e1602f","version":6,"status":"done","tags":[],"date":"2026-03-28T23:25:45Z","url":{"schema":"https","addr":"kra20at.cc","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"104.131.175.233","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"title":"Kra20at Cc","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"kra20at.cc","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"104.131.175.233","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-02T23:25:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kra20at.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kra20at.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"colossal-seat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.violetfigure.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2025-12-15","domain_rank":0,"first_seen":"2026-03-27T08:13:49.040179Z","last_seen":"2026-03-27T08:13:49.040179Z","alert_count":0,"request_count":2,"received_data":208212,"sent_data":902,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sdk4push.com","ip":{"addr":"157.90.33.122","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-03-27","domain_rank":78856,"first_seen":"2024-04-12T08:03:31Z","last_seen":"2026-03-25T11:41:28.885531Z","alert_count":0,"request_count":2,"received_data":55826,"sent_data":870,"comment":"","tags":null,"fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}]},{"fqdn":"www.stay22.com","ip":{"addr":"104.18.10.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-03-14","domain_rank":161948,"first_seen":"2015-04-18T08:52:25Z","last_seen":"2026-03-26T22:30:14.655802Z","alert_count":0,"request_count":4,"received_data":6237,"sent_data":3548,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"id.h2.stay22.com","ip":{"addr":"104.18.30.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-03-14","domain_rank":0,"first_seen":"2026-01-24T16:25:35.437986Z","last_seen":"2026-03-23T04:47:57.127024Z","alert_count":0,"request_count":2,"received_data":3069,"sent_data":1081,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"scripts.stay22.com","ip":{"addr":"104.18.11.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-03-14","domain_rank":185664,"first_seen":"2021-02-01T14:42:18Z","last_seen":"2026-03-28T07:03:21.097766Z","alert_count":0,"request_count":1,"received_data":287706,"sent_data":415,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]},{"fqdn":"lumbering-main.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-11-10","domain_rank":0,"first_seen":"2025-11-24T05:48:07.269033Z","last_seen":"2026-03-28T23:20:40.089845Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":482,"comment":"","tags":null,"fingerprints":null},{"fqdn":"kra20at.cc","ip":{"addr":"104.131.175.233","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"domain_registered":"2025-12-26","domain_rank":3038449,"first_seen":"2026-03-28T23:20:38.405766Z","last_seen":"2026-03-28T23:20:38.405766Z","alert_count":6,"request_count":3,"received_data":64706,"sent_data":1480,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Clicky","description":"Clicky is web an analytics tool which helps you to get real-time analysis including spy view.","website":"https://getclicky.com","common_platform_enumeration":"","icon":"Clicky.png","categories":["Analytics"]}]},{"fqdn":"stableaspect.com","ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2026-01-27","domain_rank":0,"first_seen":"2026-02-01T06:06:41.553198Z","last_seen":"2026-03-28T23:20:39.124318Z","alert_count":8,"request_count":4,"received_data":225726,"sent_data":2234,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"colossal-seat.com","ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-11-15","domain_rank":0,"first_seen":"2025-11-22T22:15:46.053596Z","last_seen":"2026-03-28T23:20:38.991843Z","alert_count":2,"request_count":2,"received_data":224428,"sent_data":1068,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"matomo.ieplsg.com","ip":{"addr":"104.21.55.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-08-20","domain_rank":4800277,"first_seen":"2025-03-11T21:42:28.25535Z","last_seen":"2026-03-28T23:20:39.315874Z","alert_count":0,"request_count":2,"received_data":68870,"sent_data":1174,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.2.26","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"96ffeca088bb4662165e43ed6b0bd352","sha1":"5310cc446f3219476f8ab4faba65ace0b587985d","sha256":"13da6c2ffb6db734e6ce8ff1d9e61908b91920e87bf7197c4b74167df5592fda","sha512":"6aa97b9c11532c58d5143f3dd98ee0349a45251b8af83459afff088624fb596b8145b38c5d1f7bca6d7b2792c5969539800150639d96ff66740080adc351e075","ssdeep":"","tlshash":"cbe0df0758a34928d0dac06b5377ea1b76430d0ace58d022f9aada140f04eb2998876e","size":372,"data":"","first_seen":"2026-01-18T10:08:29.774416Z","last_seen":"2026-06-06T09:28:30.235262Z","times_seen":41,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3fe854e4af9313e8079b2969982bca0","sha1":"8c7075aa743a94a5855af7e496779bbd05a96d05","sha256":"0ea7f18d09724049dac571721124a344d4e9baf1ea0ccca6c3cf78e5a910f89f","sha512":"7c927d6be41ec4a335ba8f649706c73e46e421db9d11601a02a017acdb53f6637078c686e13e3c63cd7ab1dab1454303fa4bb66e22e889e2150c4ba4c958e13b","ssdeep":"","tlshash":"2901f95e22137239117732ca971bc10c18329053a641c04cb68c566a4f75f6fd6df689","size":694,"data":"","first_seen":"2026-03-28T23:20:43.959415Z","last_seen":"2026-03-28T23:25:48.149952Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"84d8af483c277278353cc3262c7ef7f1","sha1":"14f9b3ad2611ec8e22224106005b4a06f4bacea2","sha256":"2e04908300ab481b4cb63b1f61ab0c7294c9d7b9906434218732ed1bdadbfc4c","sha512":"afc4139e50e26508bc340070edc86a375c5a11573028db3d5343d04bd81bd2e494ad34029ad2951786e7f5b70639c8f954a321c94fc2df9e1b6a82d7375829fb","ssdeep":"","tlshash":"94e0c0fc6c0d7230b2a690b65039574a314030243839784274bc956b3f10fee8c58e69","size":370,"data":"","first_seen":"2026-03-28T23:20:43.960783Z","last_seen":"2026-03-28T23:25:48.151248Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"colossal-seat.com/b/X/VCsEd.Gglz0dYbWqcI/Me/mw9vuUZyUGlkk_PkTZYO3pMfD/gn4TM_jbkBthNfjIc/wdOaDNgszAMgAR","fqdn":"colossal-seat.com","domain":"colossal-seat.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"bfeae9da7f9dececce95b264e2c1e0be","sha1":"1f112435f034fb0147b4d56dfc15b7e2171b779f","sha256":"79718384ebf0287a529c83ba1d9468de867e89f94915e8769f6be16ebc9c0f80","sha512":"afa962dd5f005f1955d6ef411362c08c4117ba1877a7842ef4171ecc320d7feea1aa57ca088f9439e49d80e348c9e269d25873f28182909ba228a7330d01cb92","ssdeep":"6144:wxZboEBkleZy8pR7hCrQB42X040I27lFG5ClE5yyoOSHZ3dDDgJbb:wa8pRD0I2/Dy3","tlshash":"9e243c9a3692747906f600a57477520ab2390a5b3d098024bc7cece57da9e4f733bfb4","size":223099,"data":"","first_seen":"2026-03-28T23:25:48.139658Z","last_seen":"2026-03-28T23:25:48.139658Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fdea062941498902db750cbdb7c40a13","sha1":"23c9a1be67e0cb5fdbbfdf9f779c24aacd621e89","sha256":"e18a45a2a0bad09dc4395d3be024ea419550e51f002724eeda9e5ba2333ff092","sha512":"4f26b90b4db531a80fa17c43bb4a1538cb0c5199f741e7ca8aa18b64e9c6a29cd378893537fb42aaa3f76ca8ea74bb263999ccf18dd90c2fc7a1d3dc72ee7781","ssdeep":"","tlshash":"88e07d1db1c4003532b3557a23f792051732370fc44d4f167a5fc4953b34c62048650c","size":315,"data":"","first_seen":"2025-12-10T23:58:17.146898Z","last_seen":"2026-06-06T09:28:30.23956Z","times_seen":67,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk4push.com/f/sdk.js?z=2191812","fqdn":"sdk4push.com","domain":"sdk4push.com","tld":"com"},"ip":{"addr":"157.90.33.122","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"4018ad296da1caed34597f1e0ba53d28","sha1":"f4eb27979f1d7c9ee092f270d739466e8da537f9","sha256":"10de896ad40948b2a23b11a5eaf48ef59583762ee9ed8bb8ba40a308ce12dc93","sha512":"5799c4411f4f36aeee2ea0d3c4065672eb2709071b9338ca84607435c52482490f8d03fffbb6029e21e6f247be124eafadff6970644718c996cc7d75f29a6807","ssdeep":"1536:/7LMSZcnLitlCr8WoeisV69SDG3nY+kH+s9K:/7L1Y2NViB9K","tlshash":"b833818877c6713412a7a4ac056f50d6eb2b3c34944e890adc53f3a2297576eef23d74","size":54787,"data":"","first_seen":"2025-04-03T01:19:28.743234Z","last_seen":"2026-06-07T15:26:35.748854Z","times_seen":620,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stableaspect.com/bJX/V.sndkGQlD0mY/WEcU/secmo9/uNZVU/ltkbPFT/Yr3sMaDygP4/Mdj-kftzNyjfc/wtOIDogvzTMYAI","fqdn":"stableaspect.com","domain":"stableaspect.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c338e19fde5b8ffd3fd5cfaddd54cc4","sha1":"a5bd69910e5ac152962f1fbc69130af2a8c82158","sha256":"78a269cf47e339613e9ed413c978282ebfe1420e6b016cc4a7b4a09070ce21d9","sha512":"b2fc78b3599dda1fe2ac8fe93292cbbaa7281e9fe6e7b4f602e7d834ff0d68edd954b69b6266bd216166511d32e3e8a00782067f3ecc99ceb1749652da0909bf","ssdeep":"6144:wxZboEBkleZyqpMVCrQB42X040I27lFG5ClE5yyoOSHZ3dDDgJby:waqpML0I2/Dy+","tlshash":"40243c9a3692747906f600a57477520ab2390a5b3d098024bc7cece57da9e4f733bfb4","size":223091,"data":"","first_seen":"2026-03-28T23:25:48.131611Z","last_seen":"2026-03-28T23:25:48.131611Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scripts.stay22.com/letmeallez.js","fqdn":"scripts.stay22.com","domain":"stay22.com","tld":"com"},"ip":{"addr":"104.18.11.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"233d29ad5304c323697764b1a4512026","sha1":"48fd3398be515dd64b3bc69d891a4dd2769f6a30","sha256":"3aa343db4d12a7a3e070900b3dc231aaf8fd225b6ecfe0490fc7beca1ae16381","sha512":"e0c0e62d149297506ea94b83509c88af01cf2f075ebdc01e69ccafd64cc4c867025f730f5389732f31f54376f49ee3d376fb23be21c0c172c934214957abae9b","ssdeep":"6144:dpzk9OnCVmVIxQv+dwpze5pV9RcqpX33rCMTVbKVOX5LyRWFlPO4+Ppc9Y+vJrwz:dpzk9IaZQv+r3Jho","tlshash":"01544bdc72d6b86243ab606810bf5007f17a7895284ea014f665d8ee3eb4b4590fbf7c","size":286617,"data":"","first_seen":"2026-03-26T17:11:57.852941Z","last_seen":"2026-03-29T03:29:31.483179Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"268d4ff34e0711284742e49553fda6bb","sha1":"ebd523bd223a1d47b768abacaa07da65d40b7dda","sha256":"2ec589fee97cd3337c1555c5c3491f90ce83b664e23042d01a3cba350252e914","sha512":"79cd6394a56058032f52fccaecdf7ec528e41d6e9891ffee241123ac6aeb93379f5f208ccacfa80938622790ab24da92c9246dc1d4b08648364ae661ded64e58","ssdeep":"","tlshash":"4cf0502158ef1efe653b627e6d7e8d2972ab2c19a060c0446d4094159d7298686502c8","size":511,"data":"","first_seen":"2026-03-28T23:20:43.964229Z","last_seen":"2026-03-28T23:25:48.153822Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5624e912e4cc645fd37eea88d7c9e629","sha1":"9bcfc47e7389b41e0068cc3c7c35ca039245df21","sha256":"78c5b2f1d382f15b4e6c5ba9cd9f3f4ea7f9088adaab559c952cb5dbdc05f117","sha512":"0cc633ac63eeeebfabcb2c963fd7d7d69094ff372684a2889c10e23175c5417dc1a0db2cd1c37087a6f61a0e37797e0997e26256189e74427451c938f3d2daea","ssdeep":"384:Askjdg45jjm9v94zKCLPk6Yyq+IzoT2vV:AlYjyqTpt","tlshash":"b842240122766930446713efd2994987b461104f6b44aacffb6d932d1fb84a433ffaad","size":13099,"data":"","first_seen":"2025-12-23T08:28:58.586388Z","last_seen":"2026-06-07T02:23:12.315281Z","times_seen":68,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6ad806b35a7498f35cc14aca3b2ec9fe","sha1":"ddde128ce6f21be44dfa84fbe6ad64c427eff587","sha256":"35ac30c82e64fe2b9a310fe116ce6db9f0e52d33e98154cb6f575789546becf7","sha512":"ecbb1f492a142cb51b51e2b7b781838dc257f0f807487b413498c7c8bc93383ea612b99c5ee05662a08c635d0e7af32e2ea94011c522a98ca4cbadc4608276c9","ssdeep":"","tlshash":"40e0c0ac2e69b93093b30437e1784fcab120201c24365840206de00f3705fed4c65fe6","size":368,"data":"","first_seen":"2026-02-01T06:06:46.335264Z","last_seen":"2026-06-07T02:23:12.315806Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"matomo.ieplsg.com/matomo.js","fqdn":"matomo.ieplsg.com","domain":"ieplsg.com","tld":"com"},"ip":{"addr":"104.21.55.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"97b41888a87c22615114d73c91cc70a3","sha1":"a9e02fdb328a29bd8753e7000d0afe6ef635aad1","sha256":"f2e8975ed834c578c50d3923ceb26de04d4fa44f74380f45f147585d909a874d","sha512":"0023e6fd1e095cb37ffd94393f583f9a1ad1fe18a03b72bd035d431401038b48cc9689e2bbf4b0bbee5b6082e77db6e2bdd55b4d5ffb1c45f86e0f330789c10f","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEy+XzsyWbuds06Vdda8EbdAAOV4ITzvBCQaFLa:AT+Z2fuULzsyWbbVdda8EbdAA0XvBv5","tlshash":"0263d5ca72c275398bca6074603f1187b17aada7144cc4a4f56ac4fa3c3891e957bf78","size":67460,"data":"","first_seen":"2024-05-09T17:51:40Z","last_seen":"2026-06-07T15:26:35.730042Z","times_seen":5086,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6a96d820e4b39a92ee60c8b6bc85ea9c","sha1":"012affefd1ffeff267813f4ae0dd07f56f126006","sha256":"464c23399955a98ac8feb097b6a7b10592fd594f312e4519d2800f5c8a48fbc4","sha512":"cdf0ca27fedb1705cda5b4ae9545f3cceda1c074db784ae4534fd15c25fa75bc3c25f2e2af2ea78b2777aabc509db1490780e7eeffadf4d3a04f0d13d972cb16","ssdeep":"","tlshash":"79e068ac9a688f36a3b9113ba07c5756b020b1545c369c42996df02f7f58bf1cc8aa18","size":380,"data":"","first_seen":"2025-11-22T22:15:50.582004Z","last_seen":"2026-06-06T09:28:30.244032Z","times_seen":87,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9f51791e24da7d1479f688c818c721c7","sha1":"8464a61bc2a127b5eb4c8d1274b3352477dec6cd","sha256":"72b645868368eaaa7ea5969e0cb7b461e4c0a92ae7ad3279250cce1b8898dc11","sha512":"91fa7204998b267fc554ddec1dc88e556705caeca7bd4150c903c899ba6cff4a11e3eb8d6ce8205e0e853116ddaef6f91d04a0adb1f1dbe6a1ddc1e0fec9d799","ssdeep":"","tlshash":"ed71005a69b618791163743c33dfb2803571d0832445ee09bd8c87982f9d9a99cf3bd8","size":3755,"data":"","first_seen":"2025-12-16T08:44:23.758567Z","last_seen":"2026-06-06T09:28:30.245531Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.violetfigure.com/ecc874/5a3c529f321a.js","fqdn":"www.violetfigure.com","domain":"violetfigure.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"447cca948e0d2fa031f44b69518ebe3d","sha1":"b8d8a8c2e9e19b387c2116b26ce01d13c70a2925","sha256":"5ddc20f200dacafd87485fb4cd3de6bf49076d898d03cee224d31defbcd61575","sha512":"d90f0de2d0ee34ea66bccdf6b5988636151bfc4a4fac838d3a3a2caebf34533a9531ea815af4c8d9b90642d5cf7d73d741e5fa8a4f8e7db68ccbf5930007becd","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvb:OijxEQq3P5Enne9zkWHLN","tlshash":"17a33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","size":103675,"data":"","first_seen":"2026-03-27T08:13:47.852955Z","last_seen":"2026-03-30T07:03:35.12516Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"matomo.ieplsg.com/matomo.php?action_name=Kra20at%20Cc\u0026idsite=3288\u0026rec=1\u0026r=013948\u0026h=23\u0026m=25\u0026s=26\u0026url=https%3A%2F%2Fkra20at.cc%2F\u0026_id=454800a4917bc3c4\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=3uCQXF\u0026pf_net=238\u0026pf_srv=137\u0026pf_tfr=178\u0026pf_dm1=57\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"matomo.ieplsg.com","domain":"ieplsg.com","tld":"com"},"ip":{"addr":"104.21.55.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ieplsg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 31 Jan 2026 17:59:47 GMT","end":"Fri, 01 May 2026 18:57:05 GMT"},"fingerprint":{"sha1":"92:1F:00:EC:B6:66:3A:1F:21:0F:62:B2:20:6D:80:22:53:F3:DB:89","sha256":"08:84:D9:6A:ED:8E:76:13:E7:08:42:F1:DE:1E:42:0D:A2:AB:D8:CE:31:1C:5F:25:1A:B0:01:24:48:8F:49:93"}}},"request":{"raw":"POST /matomo.php?action_name=Kra20at%20Cc\u0026idsite=3288\u0026rec=1\u0026r=013948\u0026h=23\u0026m=25\u0026s=26\u0026url=https%3A%2F%2Fkra20at.cc%2F\u0026_id=454800a4917bc3c4\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=3uCQXF\u0026pf_net=238\u0026pf_srv=137\u0026pf_tfr=178\u0026pf_dm1=57\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: matomo.ieplsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 204 No Content\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 23:25:27 GMT\r\npriority: u=6,i=?0\r\nx-powered-by: PHP/8.2.26\r\naccess-control-allow-origin: https://kra20at.cc\r\naccess-control-allow-credentials: true\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zKITUJ0gt2tMng9x9md355M9o4b%2BTc%2FrWD85LH6qqkhfiIZA8aGyVpbSosbmd9v5c1s%2BF1MymWvN%2Fd8G3Qe7YvAZoY4EyqQOemtyQ12Wf0FAzXw41Kzex6Ys6cWUkmVwblXxdw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e3a64e079245684-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"PHP:8.2.26","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":601,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":600,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.violetfigure.com/ecc874/5a3c529f321a.js","fqdn":"www.violetfigure.com","domain":"violetfigure.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.violetfigure.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 07:03:28 GMT","end":"Thu, 25 Jun 2026 07:03:27 GMT"},"fingerprint":{"sha1":"C4:1B:D7:79:8F:78:F6:E4:8F:53:20:0E:18:61:72:C0:9E:57:C6:8D","sha256":"C6:CC:3A:11:33:28:84:74:06:FF:35:9F:19:28:AB:E4:0E:A6:E7:7B:28:5A:FE:9E:5F:E8:53:1A:67:2B:D5:01"}}},"request":{"raw":"GET /ecc874/5a3c529f321a.js HTTP/1.1\r\nHost: www.violetfigure.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-type: text/plain\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Mon, 30 Mar 2026 23:25:26 GMT\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103675,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"447cca948e0d2fa031f44b69518ebe3d","sha1":"b8d8a8c2e9e19b387c2116b26ce01d13c70a2925","sha256":"5ddc20f200dacafd87485fb4cd3de6bf49076d898d03cee224d31defbcd61575","sha512":"d90f0de2d0ee34ea66bccdf6b5988636151bfc4a4fac838d3a3a2caebf34533a9531ea815af4c8d9b90642d5cf7d73d741e5fa8a4f8e7db68ccbf5930007becd","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvb:OijxEQq3P5Enne9zkWHLN","tlshash":"17a33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","first_seen":"2026-03-27T08:13:47.852955Z","last_seen":"2026-03-30T07:03:35.12516Z","times_seen":39,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":45,"dns":1,"connect":19,"send":0,"wait":21,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/static/favicons/kra20at.cc.ico","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"104.131.175.233","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:27.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra20at.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 22:43:55 GMT","end":"Sat, 28 Mar 2026 22:43:54 GMT"},"fingerprint":{"sha1":"49:62:68:EF:D5:5A:BD:EF:4E:3F:08:87:35:A5:96:29:2F:05:03:4B","sha256":"97:EA:9C:0D:65:4F:DF:A5:A7:1B:19:C5:CE:44:19:C8:C6:5F:A1:37:20:C2:20:A0:2F:BA:AF:37:C5:20:F9:9A"}}},"request":{"raw":"GET /static/favicons/kra20at.cc.ico HTTP/1.1\r\nHost: kra20at.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nCookie: _pk_id.3288.cdb1=454800a4917bc3c4.1774740326.; _pk_ses.3288.cdb1=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Sat, 28 Mar 2026 23:18:25 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 12255\r\ncontent-disposition: inline; filename=kra20at.cc.ico\r\nlast-modified: Sun, 28 Dec 2025 15:45:29 GMT\r\ncache-control: no-cache\r\netag: \"1766936729.5969455-12255-3558873762\"\r\ncontent-security-policy: frame-ancestors 'self' https://kra20at.cc;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12255,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 4 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 32x32 with \n- PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","md5":"df4b416cb097e9066e3260ff0b472e18","sha1":"cb0983dff96e9c48fcf519f4ec0572165e6ecc58","sha256":"4c48021ba9cfdda98b022def0f36e2f2ad8ce9390bb8b63eb23d3fff8e945da1","sha512":"dbce063f484d02b2e942165d604c8054668a29f5a54fed6546ce2c7b3565949bee76c38c6b53f46d3c2f076478d921c2af86d9fc8c797bb05c1fefcfede7bf42","ssdeep":"192:kKlxVpm4sHFPArYBBTRZ452i5/8H1Pu4sZFe6ChCBhMf7ZW1ytDlPwSbAXeG3YJk:jxVpm1Az2g/w1fsrYm1ipbkXYJk","tlshash":"7142affb1d320abcc36712d67c0301b97d257a7e2577264606a9cdade00662e35d3273","first_seen":"2025-12-21T07:21:32.492861Z","last_seen":"2026-03-28T23:25:48.128526Z","times_seen":7,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":107,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kra20at.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kra20at.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T23:25:24.257Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: kra20at.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":218,"dns":0,"connect":103,"send":0,"wait":0,"receive":0,"ssl":119},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kra20at.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kra20at.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"stableaspect.com/bJX/V.sndkGQlD0mY/WEcU/secmo9/uNZVU/ltkbPFT/Yr3sMaDygP4/Mdj-kftzNyjfc/wtOIDogvzTMYAI","fqdn":"stableaspect.com","domain":"stableaspect.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"stableaspect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 27 Jan 2026 18:04:20 GMT","end":"Mon, 27 Apr 2026 18:04:19 GMT"},"fingerprint":{"sha1":"C6:EF:EC:2D:62:50:92:74:49:42:92:BC:A5:7A:B4:5C:63:D9:84:6F","sha256":"1C:11:FF:0D:6D:4B:0F:A6:05:0B:E1:6B:FD:5E:D5:0D:F7:57:29:EC:FE:5A:70:FB:71:E3:20:5C:AF:BB:C9:89"}}},"request":{"raw":"GET /bJX/V.sndkGQlD0mY/WEcU/secmo9/uNZVU/ltkbPFT/Yr3sMaDygP4/Mdj-kftzNyjfc/wtOIDogvzTMYAI HTTP/1.1\r\nHost: stableaspect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-type: application/javascript\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\naccess-control-allow-methods: GET\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-origin: https://kra20at.cc\r\naccess-control-allow-headers: Content-Type\r\nlast-modified: Sat, 28 Mar 2026 23:25:26 GMT\r\nset-cookie: uniqCookie=aa722b92b6b4279419677f0332b7b798; max-age=1777332326; path=/\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":223091,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (23377)","md5":"9c338e19fde5b8ffd3fd5cfaddd54cc4","sha1":"a5bd69910e5ac152962f1fbc69130af2a8c82158","sha256":"78a269cf47e339613e9ed413c978282ebfe1420e6b016cc4a7b4a09070ce21d9","sha512":"b2fc78b3599dda1fe2ac8fe93292cbbaa7281e9fe6e7b4f602e7d834ff0d68edd954b69b6266bd216166511d32e3e8a00782067f3ecc99ceb1749652da0909bf","ssdeep":"6144:wxZboEBkleZyqpMVCrQB42X040I27lFG5ClE5yyoOSHZ3dDDgJby:waqpML0I2/Dy+","tlshash":"40243c9a3692747906f600a57477520ab2390a5b3d098024bc7cece57da9e4f733bfb4","first_seen":"2026-03-28T23:25:48.131611Z","last_seen":"2026-03-28T23:25:48.131611Z","times_seen":1,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":55,"dns":1,"connect":17,"send":0,"wait":76,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sdk4push.com/event?z=2191812","fqdn":"sdk4push.com","domain":"sdk4push.com","tld":"com"},"ip":{"addr":"157.90.33.122","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sdk4push.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Feb 2026 03:38:19 GMT","end":"Fri, 22 May 2026 03:38:18 GMT"},"fingerprint":{"sha1":"C5:94:FD:0A:4A:7A:2E:36:52:7A:B4:08:7A:04:B6:2C:93:AB:D2:55","sha256":"6C:8B:57:93:74:D0:0D:DB:6B:BF:77:7E:F5:AD:87:71:AC:71:7C:9D:3E:C0:BE:D2:C0:E7:05:25:BE:AA:F9:9F"}}},"request":{"raw":"POST /event?z=2191812 HTTP/1.1\r\nHost: sdk4push.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 91\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":91,"data":"{\"event\":\"request\",\"zone_id\":2191812,\"subid1\":\"kra20at.cc\",\"subid2\":\"\",\"ext_click_id\":null}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: Angie\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: https://kra20at.cc\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\ncache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 00:00:00 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.stay22.com/ext/partner?lmaID=69693e71c9c7a9a6ffc3b7c2\u0026aid=\u0026campaign=kra20atcc\u0026product=lma\u0026installationMethod=lmaid\u0026version=4722f95\u0026habl=false\u0026isinc=true\u0026hasTP=false\u0026preservecampaign=false\u0026qpID=\u0026keepItPretty=false\u0026disableLinkSwap=false\u0026canRoam=false\u0026disableHyperlink=false\u0026disableWidgets=false\u0026disablepop=false\u0026ref22=https%3A%2F%2Fkra20at.cc%2F\u0026sid22=","fqdn":"www.stay22.com","domain":"stay22.com","tld":"com"},"ip":{"addr":"104.18.10.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stay22.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 02:40:42 GMT","end":"Wed, 27 May 2026 02:40:41 GMT"},"fingerprint":{"sha1":"16:D2:A9:1E:39:72:37:32:C5:29:0F:03:F3:EB:17:A3:85:47:17:50","sha256":"05:BC:8C:0C:03:CA:C9:23:96:BD:EE:5F:D4:26:79:C7:2B:92:B2:1B:9B:FB:31:9C:E7:7C:37:5B:7E:35:21:8F"}}},"request":{"raw":"OPTIONS /ext/partner?lmaID=69693e71c9c7a9a6ffc3b7c2\u0026aid=\u0026campaign=kra20atcc\u0026product=lma\u0026installationMethod=lmaid\u0026version=4722f95\u0026habl=false\u0026isinc=true\u0026hasTP=false\u0026preservecampaign=false\u0026qpID=\u0026keepItPretty=false\u0026disableLinkSwap=false\u0026canRoam=false\u0026disableHyperlink=false\u0026disableWidgets=false\u0026disablepop=false\u0026ref22=https%3A%2F%2Fkra20at.cc%2F\u0026sid22= HTTP/1.1\r\nHost: www.stay22.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: ref22,sid22\r\nReferer: https://kra20at.cc/\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\nvary: Access-Control-Request-Headers, Accept-Encoding\r\naccess-control-allow-headers: ref22,sid22\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-envoy-upstream-service-time: 6\r\nserver: cloudflare\r\nset-cookie: session22=s%3A08232846-0bfe-4cb4-970f-9d7c8edfaa8d.Purgm9AyHS%2Fvvof31bV8nlIc6ZVf9766wxkF1iCZRdE; Path=/; Expires=Tue, 31 Mar 2026 23:25:26 GMT; HttpOnly; Secure; Partitioned; SameSite=None\n__cf_bm=q1jAT3eW0oqvVunSmJwEu9ousIAeDvkahpqvCpdpVHY-1774740326.6936963-1.0.1.1-1F8BmNDgDL2mehm4_wKpoaN4psOuGS3Rr9tMe_5.OXEMMb0P3NyZ1UHtaUfBJDgywf.g7as0rs9DPXlswJRaBHeo1WbjLoV_nqqiY0uM.Fnt1c7gQ.T0NChJ4FllfKie; HttpOnly; Secure; Path=/; Domain=stay22.com; Expires=Sat, 28 Mar 2026 23:55:26 GMT\n_cfuvid=0.7IFJgEcKKrmwSVRXmbrK14emmW.govs3wV.u8xb9c-1774740326.6936963-1.0.1.1-Dcg2X5MNO6tCvQrNg2obYJpMGBPc.kRZJRjcDa5lAio; HttpOnly; SameSite=None; Secure; Path=/; Domain=stay22.com\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9e3a64e1de925697-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":7,"dns":35,"connect":1,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stableaspect.com/YJ2.xKpLZMW_5O0PZQGRF-0TYUTV9Wy_cYmZlakbP-WdQezfNgT_Yi4jMkzlZ-inYoTpQq5_NsztMu1vM-2xQy2zOAD_RCmDMEWFQ-zHMIjJEK4_ZMWNUO1PM-DRBSjT","fqdn":"stableaspect.com","domain":"stableaspect.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"stableaspect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 27 Jan 2026 18:04:20 GMT","end":"Mon, 27 Apr 2026 18:04:19 GMT"},"fingerprint":{"sha1":"C6:EF:EC:2D:62:50:92:74:49:42:92:BC:A5:7A:B4:5C:63:D9:84:6F","sha256":"1C:11:FF:0D:6D:4B:0F:A6:05:0B:E1:6B:FD:5E:D5:0D:F7:57:29:EC:FE:5A:70:FB:71:E3:20:5C:AF:BB:C9:89"}}},"request":{"raw":"POST /YJ2.xKpLZMW_5O0PZQGRF-0TYUTV9Wy_cYmZlakbP-WdQezfNgT_Yi4jMkzlZ-inYoTpQq5_NsztMu1vM-2xQy2zOAD_RCmDMEWFQ-zHMIjJEK4_ZMWNUO1PM-DRBSjT HTTP/1.1\r\nHost: stableaspect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 40\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":40,"data":"ref=https%3A%2F%2Fkra20at.cc%2F\u0026prevRef="}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.stay22.com/ext/partner?lmaID=69693e71c9c7a9a6ffc3b7c2\u0026aid=\u0026campaign=kra20atcc\u0026product=lma\u0026installationMethod=lmaid\u0026version=4722f95\u0026habl=false\u0026isinc=true\u0026hasTP=false\u0026preservecampaign=false\u0026qpID=\u0026keepItPretty=false\u0026disableLinkSwap=false\u0026canRoam=false\u0026disableHyperlink=false\u0026disableWidgets=false\u0026disablepop=false\u0026ref22=https%3A%2F%2Fkra20at.cc%2F\u0026sid22=","fqdn":"www.stay22.com","domain":"stay22.com","tld":"com"},"ip":{"addr":"104.18.10.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stay22.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 02:40:42 GMT","end":"Wed, 27 May 2026 02:40:41 GMT"},"fingerprint":{"sha1":"16:D2:A9:1E:39:72:37:32:C5:29:0F:03:F3:EB:17:A3:85:47:17:50","sha256":"05:BC:8C:0C:03:CA:C9:23:96:BD:EE:5F:D4:26:79:C7:2B:92:B2:1B:9B:FB:31:9C:E7:7C:37:5B:7E:35:21:8F"}}},"request":{"raw":"GET /ext/partner?lmaID=69693e71c9c7a9a6ffc3b7c2\u0026aid=\u0026campaign=kra20atcc\u0026product=lma\u0026installationMethod=lmaid\u0026version=4722f95\u0026habl=false\u0026isinc=true\u0026hasTP=false\u0026preservecampaign=false\u0026qpID=\u0026keepItPretty=false\u0026disableLinkSwap=false\u0026canRoam=false\u0026disableHyperlink=false\u0026disableWidgets=false\u0026disablepop=false\u0026ref22=https%3A%2F%2Fkra20at.cc%2F\u0026sid22= HTTP/1.1\r\nHost: www.stay22.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nsid22: \r\nref22: https://kra20at.cc/\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 28 Mar 2026 23:25:27 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\naccept-ch: Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nx-content-type-options: nosniff\r\netag: W/\"5ed-940P7Dkwz9W8Nv4PkZSg6E57kQA\"\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-envoy-upstream-service-time: 12\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nset-cookie: session22=s%3A95867493-b610-49a6-a497-6dd140d06881.cLYOioeRBE8XMm5weRc4HVL4DT5Hg7%2FMsONsm0XTA4w; Path=/; Expires=Tue, 31 Mar 2026 23:25:26 GMT; HttpOnly; Secure; Partitioned; SameSite=None\n__cf_bm=yzy97JZaKmrgZa8ndsBLU8Gdp01DB8qkP9HbWzpgaP4-1774740326.8598244-1.0.1.1-9N2kgHllwOFJ7YgZu_oS6SkuTlzPeEiIZcTHAQkDQs1J2xZHO6dzZ.rK5kCH9nfiNUnsVzF4jRGoG_L4nrr3Gd9WTV1oP0UOdA0ZACgD7IMUj35uLiFS1EIUXIFWWkbX; HttpOnly; Secure; Path=/; Domain=stay22.com; Expires=Sat, 28 Mar 2026 23:55:27 GMT\n_cfuvid=xwkeCK4_pFrIneJ8YRGRC7t25AUHdW9SbRbAKdjYG4U-1774740326.8598244-1.0.1.1-AiSCu.DOh9IZSB8gXqj9HjFGA8BrZVOoZY8iwx02SOg; HttpOnly; SameSite=None; Secure; Path=/; Domain=stay22.com\r\ncf-ray: 9e3a64e2df2d5697-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1517,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"530ad0d4e5b288fda55630adc98ae28c","sha1":"f78d0fec3930cfd5bc36fe0f9194a0e84e7b9100","sha256":"35d9decd18bf43fbb76243eb38d0983a74636ae84763cfa7b7d7d97811beb95a","sha512":"23f4f38348c345996e12c94fa5af4ca89533a30aa9f8f653691e87c971466bc5ef4bfbc80cb53125ad5afa91848a6d3f11dfc9fd149c8ec9ee230b735abddcaf","ssdeep":"","tlshash":"ce31542c48bb46bc2d19532ac9159d858bec4236a596e5c0eafe0f2436e67ec0632443","first_seen":"2026-03-28T23:25:48.134911Z","last_seen":"2026-03-28T23:25:48.134911Z","times_seen":1,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"colossal-seat.com/YC2_xEpFZ.WG5H0-ZJGKFL0MY_TO9PyQcRm-lTkUPVTWJ_lYYZjaFbj-Ndjekf0gM_jiMj3kMlG-Mn3oMp2qF_hsOtTuQv4-OxDyQz2AM_TCZDmEOFD-kH3IYJTKQ_yM","fqdn":"colossal-seat.com","domain":"colossal-seat.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"colossal-seat.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Mar 2026 05:31:20 GMT","end":"Sat, 20 Jun 2026 05:31:19 GMT"},"fingerprint":{"sha1":"D1:F5:9A:92:3D:17:ED:AF:EF:57:E2:96:F8:9D:E8:38:8E:9A:BA:D6","sha256":"DA:95:3B:A2:52:F9:BA:1A:03:A6:98:37:68:87:B9:49:B5:18:0D:06:D8:B9:AA:50:F9:F1:83:87:96:5F:0A:F4"}}},"request":{"raw":"POST /YC2_xEpFZ.WG5H0-ZJGKFL0MY_TO9PyQcRm-lTkUPVTWJ_lYYZjaFbj-Ndjekf0gM_jiMj3kMlG-Mn3oMp2qF_hsOtTuQv4-OxDyQz2AM_TCZDmEOFD-kH3IYJTKQ_yM HTTP/1.1\r\nHost: colossal-seat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 40\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":40,"data":"ref=https%3A%2F%2Fkra20at.cc%2F\u0026prevRef="}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"colossal-seat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"colossal-seat.com/b/X/VCsEd.Gglz0dYbWqcI/Me/mw9vuUZyUGlkk_PkTZYO3pMfD/gn4TM_jbkBthNfjIc/wdOaDNgszAMgAR","fqdn":"colossal-seat.com","domain":"colossal-seat.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.462Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"colossal-seat.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Mar 2026 05:31:20 GMT","end":"Sat, 20 Jun 2026 05:31:19 GMT"},"fingerprint":{"sha1":"D1:F5:9A:92:3D:17:ED:AF:EF:57:E2:96:F8:9D:E8:38:8E:9A:BA:D6","sha256":"DA:95:3B:A2:52:F9:BA:1A:03:A6:98:37:68:87:B9:49:B5:18:0D:06:D8:B9:AA:50:F9:F1:83:87:96:5F:0A:F4"}}},"request":{"raw":"GET /b/X/VCsEd.Gglz0dYbWqcI/Me/mw9vuUZyUGlkk_PkTZYO3pMfD/gn4TM_jbkBthNfjIc/wdOaDNgszAMgAR HTTP/1.1\r\nHost: colossal-seat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-type: application/javascript\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-origin: https://kra20at.cc\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET\r\nlast-modified: Sat, 28 Mar 2026 23:25:26 GMT\r\nset-cookie: uniqCookie=80d181ad7300ef22cd43df2f9f6efd72; max-age=1777332326; path=/\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":223099,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (23377)","md5":"bfeae9da7f9dececce95b264e2c1e0be","sha1":"1f112435f034fb0147b4d56dfc15b7e2171b779f","sha256":"79718384ebf0287a529c83ba1d9468de867e89f94915e8769f6be16ebc9c0f80","sha512":"afa962dd5f005f1955d6ef411362c08c4117ba1877a7842ef4171ecc320d7feea1aa57ca088f9439e49d80e348c9e269d25873f28182909ba228a7330d01cb92","ssdeep":"6144:wxZboEBkleZy8pR7hCrQB42X040I27lFG5ClE5yyoOSHZ3dDDgJbb:wa8pRD0I2/Dy3","tlshash":"9e243c9a3692747906f600a57477520ab2390a5b3d098024bc7cece57da9e4f733bfb4","first_seen":"2026-03-28T23:25:48.139658Z","last_seen":"2026-03-28T23:25:48.139658Z","times_seen":1,"resource_available":true,"data":null}},"time_used":194,"timings":{"blocked":55,"dns":1,"connect":18,"send":0,"wait":78,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"colossal-seat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.violetfigure.com/ecc874/5a3c529f321a.js","fqdn":"www.violetfigure.com","domain":"violetfigure.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.violetfigure.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 07:03:28 GMT","end":"Thu, 25 Jun 2026 07:03:27 GMT"},"fingerprint":{"sha1":"C4:1B:D7:79:8F:78:F6:E4:8F:53:20:0E:18:61:72:C0:9E:57:C6:8D","sha256":"C6:CC:3A:11:33:28:84:74:06:FF:35:9F:19:28:AB:E4:0E:A6:E7:7B:28:5A:FE:9E:5F:E8:53:1A:67:2B:D5:01"}}},"request":{"raw":"GET /ecc874/5a3c529f321a.js HTTP/1.1\r\nHost: www.violetfigure.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Mon, 30 Mar 2026 23:25:26 GMT\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103675,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"447cca948e0d2fa031f44b69518ebe3d","sha1":"b8d8a8c2e9e19b387c2116b26ce01d13c70a2925","sha256":"5ddc20f200dacafd87485fb4cd3de6bf49076d898d03cee224d31defbcd61575","sha512":"d90f0de2d0ee34ea66bccdf6b5988636151bfc4a4fac838d3a3a2caebf34533a9531ea815af4c8d9b90642d5cf7d73d741e5fa8a4f8e7db68ccbf5930007becd","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvb:OijxEQq3P5Enne9zkWHLN","tlshash":"17a33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","first_seen":"2026-03-27T08:13:47.852955Z","last_seen":"2026-03-30T07:03:35.12516Z","times_seen":39,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":46,"dns":0,"connect":19,"send":0,"wait":19,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stableaspect.com/jserr?msg=Error%20object%20is%20undefined%20(sic).%0AUrl%3A%20https%3A%2F%2Fkra20at.cc%2F%0AVersion%3A%200.3.3\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026tag=videoim","fqdn":"stableaspect.com","domain":"stableaspect.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"stableaspect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 27 Jan 2026 18:04:20 GMT","end":"Mon, 27 Apr 2026 18:04:19 GMT"},"fingerprint":{"sha1":"C6:EF:EC:2D:62:50:92:74:49:42:92:BC:A5:7A:B4:5C:63:D9:84:6F","sha256":"1C:11:FF:0D:6D:4B:0F:A6:05:0B:E1:6B:FD:5E:D5:0D:F7:57:29:EC:FE:5A:70:FB:71:E3:20:5C:AF:BB:C9:89"}}},"request":{"raw":"GET /jserr?msg=Error%20object%20is%20undefined%20(sic).%0AUrl%3A%20https%3A%2F%2Fkra20at.cc%2F%0AVersion%3A%200.3.3\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026tag=videoim HTTP/1.1\r\nHost: stableaspect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\naccess-control-allow-origin: https://kra20at.cc\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"id.h2.stay22.com/thumbmark","fqdn":"id.h2.stay22.com","domain":"stay22.com","tld":"com"},"ip":{"addr":"104.18.30.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:28.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h2.stay22.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Mar 2026 17:45:06 GMT","end":"Sat, 06 Jun 2026 18:44:45 GMT"},"fingerprint":{"sha1":"DC:A6:A3:31:16:F6:6F:97:19:17:55:F1:00:FD:0C:78:66:42:A5:CA","sha256":"37:E8:D5:8E:6A:2B:4C:71:4F:F1:0C:5D:98:6F:1C:FA:D6:C4:EC:90:69:B8:E1:1B:D5:56:CD:50:0C:0C:55:56"}}},"request":{"raw":"OPTIONS /thumbmark HTTP/1.1\r\nHost: id.h2.stay22.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: authorization,content-type,x-api-key\r\nReferer: https://kra20at.cc/\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 28 Mar 2026 23:25:28 GMT\r\naccess-control-allow-origin: https://kra20at.cc\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH\r\naccess-control-allow-headers: authorization,content-type,x-api-key\r\naccess-control-allow-credentials: true\r\nx-envoy-upstream-service-time: 3\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=CMF2UTecFx.P3z_CV6Zt2GbyCZ8NvUmLZeFlHiq1868-1774740328.0675042-1.0.1.1-tRyPlEp0iu_zngCY2GrTAeuX.F.saWqQK0BHULbFoP_VKMEOrH65T41gO0FHhBcprKglhUj2JSMT_g5Qjne7yKyeUdFFYmbql8UmVxMAkPBNg.jPs53ZW7_lnMINyJ9N; HttpOnly; Secure; Path=/; Domain=h2.stay22.com; Expires=Sat, 28 Mar 2026 23:55:28 GMT\n_cfuvid=0dzwR2wukWeJHXMjGtOuzMfKvzmhj4umcOAy0GxULTE-1774740328.0675042-1.0.1.1-FLdsx.lWqUCLazJCL.1CPUmBZljaMlsJF.XSZBpZL9k; HttpOnly; SameSite=None; Secure; Path=/; Domain=h2.stay22.com\r\ncf-ray: 9e3a64ea694bb4ed-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":242,"timings":{"blocked":42,"dns":19,"connect":1,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"id.h2.stay22.com/thumbmark","fqdn":"id.h2.stay22.com","domain":"stay22.com","tld":"com"},"ip":{"addr":"104.18.30.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:28.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"h2.stay22.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Mar 2026 17:45:06 GMT","end":"Sat, 06 Jun 2026 18:44:45 GMT"},"fingerprint":{"sha1":"DC:A6:A3:31:16:F6:6F:97:19:17:55:F1:00:FD:0C:78:66:42:A5:CA","sha256":"37:E8:D5:8E:6A:2B:4C:71:4F:F1:0C:5D:98:6F:1C:FA:D6:C4:EC:90:69:B8:E1:1B:D5:56:CD:50:0C:0C:55:56"}}},"request":{"raw":"POST /thumbmark HTTP/1.1\r\nHost: id.h2.stay22.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra20at.cc/\r\nx-api-key: 22\r\nAuthorization: custom-authorized\r\nContent-Type: application/json\r\nContent-Length: 2334\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2334,"data":"{\"components\":{\"audio\":{\"sampleHash\":1018.7317333761603,\"maxChannels\":1,\"channelCountMode\":\"max\"},\"canvas\":{\"commonPixelsHash\":\"82cad7652116417992657187c921bb21\"},\"fonts\":{\"Century\":484.04998779296875,\"Courier\":432,\"Helvetica\":448,\"Palatino\":481.5666809082031,\"Times\":447.98333740234375},\"hardware\":{\"videocard\":{\"vendor\":\"Mozilla\",\"renderer\":\"llvmpipe\",\"version\":\"WebGL 1.0\",\"shadingLanguageVersion\":\"WebGL GLSL ES 1.0\"},\"architecture\":255,\"deviceMemory\":\"0\",\"jsHeapSizeLimit\":0},\"locales\":{\"languages\":\"en-US\",\"timezone\":\"UTC\"},\"math\":{\"acos\":1.0471975511965979,\"asin\":-9.614302481290016e-17,\"cos\":-4.854249971455313e-16,\"largeCos\":0.7639704044417283,\"largeSin\":-0.6452512852657808,\"largeTan\":-0.8446024630198843,\"sin\":-1.9461946644816207e-16,\"tan\":6.980860926542689e-14},\"plugins\":{\"plugins\":[\"PDF Viewer|internal-pdf-viewer|Portable Document Format\",\"Chrome PDF Viewer|internal-pdf-viewer|Portable Document Format\",\"Chromium PDF Viewer|internal-pdf-viewer|Portable Document Format\",\"Microsoft Edge PDF Viewer|internal-pdf-viewer|Portable Document Format\",\"WebKit built-in PDF|internal-pdf-viewer|Portable Document Format\"]},\"screen\":{\"is_touchscreen\":false,\"maxTouchPoints\":0,\"colorDepth\":24,\"mediaMatches\":[\"prefers-contrast: no-preference\",\"any-hover: hover\",\"any-pointer: fine\",\"pointer: fine\",\"hover: hover\",\"update: fast\",\"prefers-reduced-motion: no-preference\",\"forced-colors: none\"]},\"system\":{\"platform\":\"Win32\",\"productSub\":\"20100101\",\"product\":\"Gecko\",\"useragent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"hardwareConcurrency\":48,\"browser\":{\"name\":\"Firefox\",\"version\":\"134.0\"},\"mobile\":false,\"applePayVersion\":0,\"cookieEnabled\":true},\"webgl\":{\"commonPixelsHash\":\"b4d492ca605f37468568619e3cb8766e\"},\"webrtc\":{\"details\":{\"supported\":true,\"audio\":{\"count\":5,\"hash\":\"5191b9ca3a566b15ad26046b592048b6\"},\"video\":{\"count\":8,\"hash\":\"2d23e120ce44abaff65ba4664df05c8d\"},\"extensionsHash\":\"bb55f5ccbce158734f97f0c3ff11c78c\",\"candidateType\":\"\"},\"hash\":\"c1c214df3442f283154cb64e995f049f\"}},\"options\":{\"exclude\":[],\"include\":[],\"stabilize\":[\"iframe\"],\"logging\":true,\"timeout\":6000,\"cache_api_call\":true,\"cache_lifetime_in_ms\":0,\"performance\":false,\"experimental\":false,\"api_endpoint\":\"https://id.h2.stay22.com\",\"api_key\":\"22\"},\"clientHash\":\"bc9c8bbe239d14a0710166248418f075\",\"version\":\"1.7.4\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 28 Mar 2026 23:25:28 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: https://kra20at.cc\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH\r\naccess-control-allow-headers: accept, accept-language, authorization, content-type, x-api-key\r\naccess-control-allow-credentials: true\r\napigw-requestid: a9R4ZhEeFiAEPgQ=\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 6c7ea40580de9d2983b3dfe024472fb0.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: JFK50-P15\r\nx-amz-cf-id: ODBg-Sx0L1oIZpsHbEE952fbF_10uYzp-3CisDI8_KbGkJwgM_xnDg==\r\nx-envoy-upstream-service-time: 339\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=jzj8MF2KNuGVoRdx2GjtkoppnnON618K9XJ_Jp8bFcM-1774740328.2245963-1.0.1.1-9hO1ajjgRols_aC26PA4HZWAvZuOpCYVOzk1zRa0Uv2oCxXKfeAW_jQouWV56QpQ5eAgRdtro_ft1RSnm8EkObZn.vWkCdJuq.m2q3YUIQvJWkzmuHEzljm2Vts2XYuJ; HttpOnly; Secure; Path=/; Domain=h2.stay22.com; Expires=Sat, 28 Mar 2026 23:55:28 GMT\n_cfuvid=_jZEGRM6PS8LEoqObG78UO_BVrzEk5aB3PNcOYoMqIY-1774740328.2245963-1.0.1.1-S43f4vVQlH2csTfRry1I.HgzAAny3QazZC_jmWEO2Fs; HttpOnly; SameSite=None; Secure; Path=/; Domain=h2.stay22.com\r\ncontent-encoding: gzip\r\ncf-ray: 9e3a64eb69d9b4ed-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":898,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"949b7cfbe56e882aff546da52d1fe673","sha1":"f8ee10e17c4fbf45ae6af7ed0ec75fc9d6e1f54b","sha256":"4f26c5457c74389f57e0e84b95592e4bdcad5dcd808b31c5eb798b488c95d9a4","sha512":"518a1d760d10baf71da53330304243aabc1ea2fe5d5f94de2bfd9c3c6e08b74204ff05e425529ebe7fe0f1ffac88b0fde65314f5fd6f3cf9b0d957ef7d736110","ssdeep":"","tlshash":"c1112f115de5297a0c2483c485033d4b1bdfb382c29a3c8da789af219ed37bd18542ae","first_seen":"2026-03-28T23:25:48.141648Z","last_seen":"2026-03-28T23:25:48.141648Z","times_seen":1,"resource_available":false,"data":null}},"time_used":498,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":498,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.stay22.com/ext/partner/load?lmaID=69693e71c9c7a9a6ffc3b7c2\u0026aid=henburger\u0026campaign=kra20atcc\u0026product=lma\u0026installationMethod=lmaScriptBuilder\u0026version=4722f95\u0026habl=false\u0026isinc=true\u0026hasTP=false\u0026conmeth=normal\u0026preservecampaign=false\u0026qpID=\u0026keepItPretty=false\u0026disableLinkSwap=false\u0026canRoam=false\u0026disableHyperlink=false\u0026disableWidgets=false\u0026disablepop=false\u0026ref22=https%3A%2F%2Fkra20at.cc%2F\u0026sid22=V7EiNTpNT0Dr6jms","fqdn":"www.stay22.com","domain":"stay22.com","tld":"com"},"ip":{"addr":"104.18.10.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:28.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stay22.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 02:40:42 GMT","end":"Wed, 27 May 2026 02:40:41 GMT"},"fingerprint":{"sha1":"16:D2:A9:1E:39:72:37:32:C5:29:0F:03:F3:EB:17:A3:85:47:17:50","sha256":"05:BC:8C:0C:03:CA:C9:23:96:BD:EE:5F:D4:26:79:C7:2B:92:B2:1B:9B:FB:31:9C:E7:7C:37:5B:7E:35:21:8F"}}},"request":{"raw":"OPTIONS /ext/partner/load?lmaID=69693e71c9c7a9a6ffc3b7c2\u0026aid=henburger\u0026campaign=kra20atcc\u0026product=lma\u0026installationMethod=lmaScriptBuilder\u0026version=4722f95\u0026habl=false\u0026isinc=true\u0026hasTP=false\u0026conmeth=normal\u0026preservecampaign=false\u0026qpID=\u0026keepItPretty=false\u0026disableLinkSwap=false\u0026canRoam=false\u0026disableHyperlink=false\u0026disableWidgets=false\u0026disablepop=false\u0026ref22=https%3A%2F%2Fkra20at.cc%2F\u0026sid22=V7EiNTpNT0Dr6jms HTTP/1.1\r\nHost: www.stay22.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: abtest22,ref22,sid22\r\nReferer: https://kra20at.cc/\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 28 Mar 2026 23:25:28 GMT\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\nvary: Access-Control-Request-Headers, Accept-Encoding\r\naccess-control-allow-headers: abtest22,ref22,sid22\r\nx-envoy-upstream-service-time: 5\r\nserver: cloudflare\r\nset-cookie: session22=s%3AV7EiNTpNT0Dr6jms.BlVJm6lViw269zzhm1pvjaxG2J%2Fs8BPqvyAdEUhefrg; Max-Age=259200; Path=/; Expires=Tue, 31 Mar 2026 23:25:28 GMT; Secure; Partitioned; SameSite=None\n__cf_bm=SkYNBiTIs8gE9Vph_8PsqNvT9GtcBcuEEdxCibwMpKs-1774740328.7363544-1.0.1.1-0M9qVYpMD0qkaW6fJBVO9kapr74eK7qbf8QMElKuiASSgvfltR9LE23eQBjnArc_C_qh.PDfcENWoORdtTR1owLpLkfOs.IApcDEsxMsaZ9WT8fQvfnnSVBPv4w2ERyt; HttpOnly; Secure; Path=/; Domain=stay22.com; Expires=Sat, 28 Mar 2026 23:55:28 GMT\n_cfuvid=kp8BWxg86Cf5VZYjlLcVDnSqVXrWfjPvJTHIU60oDVU-1774740328.7363544-1.0.1.1-4WCZJGzjUkuyI3NaK7qLaxQTcOSsoYM9xsEUobZwvKk; HttpOnly; SameSite=None; Secure; Path=/; Domain=stay22.com\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9e3a64ee9e135697-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.stay22.com/ext/partner/load?lmaID=69693e71c9c7a9a6ffc3b7c2\u0026aid=henburger\u0026campaign=kra20atcc\u0026product=lma\u0026installationMethod=lmaScriptBuilder\u0026version=4722f95\u0026habl=false\u0026isinc=true\u0026hasTP=false\u0026conmeth=normal\u0026preservecampaign=false\u0026qpID=\u0026keepItPretty=false\u0026disableLinkSwap=false\u0026canRoam=false\u0026disableHyperlink=false\u0026disableWidgets=false\u0026disablepop=false\u0026ref22=https%3A%2F%2Fkra20at.cc%2F\u0026sid22=V7EiNTpNT0Dr6jms","fqdn":"www.stay22.com","domain":"stay22.com","tld":"com"},"ip":{"addr":"104.18.10.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:28.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stay22.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 02:40:42 GMT","end":"Wed, 27 May 2026 02:40:41 GMT"},"fingerprint":{"sha1":"16:D2:A9:1E:39:72:37:32:C5:29:0F:03:F3:EB:17:A3:85:47:17:50","sha256":"05:BC:8C:0C:03:CA:C9:23:96:BD:EE:5F:D4:26:79:C7:2B:92:B2:1B:9B:FB:31:9C:E7:7C:37:5B:7E:35:21:8F"}}},"request":{"raw":"GET /ext/partner/load?lmaID=69693e71c9c7a9a6ffc3b7c2\u0026aid=henburger\u0026campaign=kra20atcc\u0026product=lma\u0026installationMethod=lmaScriptBuilder\u0026version=4722f95\u0026habl=false\u0026isinc=true\u0026hasTP=false\u0026conmeth=normal\u0026preservecampaign=false\u0026qpID=\u0026keepItPretty=false\u0026disableLinkSwap=false\u0026canRoam=false\u0026disableHyperlink=false\u0026disableWidgets=false\u0026disablepop=false\u0026ref22=https%3A%2F%2Fkra20at.cc%2F\u0026sid22=V7EiNTpNT0Dr6jms HTTP/1.1\r\nHost: www.stay22.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nsid22: V7EiNTpNT0Dr6jms\r\nref22: https://kra20at.cc/\r\nabtest22: {\"testName\":\"xx-controlab\",\"isOn\":false,\"version\":\"ctrl\",\"weight\":1}\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\ndate: Sat, 28 Mar 2026 23:25:29 GMT\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccept-ch: Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nx-envoy-upstream-service-time: 6\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nset-cookie: session22=s%3AV7EiNTpNT0Dr6jms.BlVJm6lViw269zzhm1pvjaxG2J%2Fs8BPqvyAdEUhefrg; Max-Age=259200; Path=/; Expires=Tue, 31 Mar 2026 23:25:28 GMT; Secure; Partitioned; SameSite=None\n__cf_bm=k9lXC8ktXl8Ydu1_NeKiCMv4s.gjyu8tHtSwEF2xp9Y-1774740328.8840976-1.0.1.1-yjtB9pvD0uMM9Y2LPKEPGb8yNawxKXTFZ.ksaUyhxPF0HjOQBYMFqdQLJHKPHQ.O4GiIiurcRBV50RBRBAJYis5E_7gLV3Bi452cpkNQyqppokd6EpP8FeAlhkJGExV8; HttpOnly; Secure; Path=/; Domain=stay22.com; Expires=Sat, 28 Mar 2026 23:55:29 GMT\n_cfuvid=eb61vhMLkQjAMxdsol68xjU89n0U65XKXbHIIUVoPjY-1774740328.8840976-1.0.1.1-AKh592KWsTwJJHOvfwbGfttXpfpKdej8W7Sc6Mua0hw; HttpOnly; SameSite=None; Secure; Path=/; Domain=stay22.com\r\npriority: u=3,i=?0\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9e3a64ef8c390731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":147,"timings":{"blocked":0,"dns":1,"connect":0,"send":0,"wait":145,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra20at.cc/","fqdn":"kra20at.cc","domain":"kra20at.cc","tld":"cc"},"ip":{"addr":"104.131.175.233","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T23:25:25.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra20at.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 22:43:55 GMT","end":"Sat, 28 Mar 2026 22:43:54 GMT"},"fingerprint":{"sha1":"49:62:68:EF:D5:5A:BD:EF:4E:3F:08:87:35:A5:96:29:2F:05:03:4B","sha256":"97:EA:9C:0D:65:4F:DF:A5:A7:1B:19:C5:CE:44:19:C8:C6:5F:A1:37:20:C2:20:A0:2F:BA:AF:37:C5:20:F9:9A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kra20at.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Sat, 28 Mar 2026 23:18:24 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-security-policy: frame-ancestors 'self' https://kra20at.cc;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Clicky","description":"Clicky is web an analytics tool which helps you to get real-time analysis including spy view.","website":"https://getclicky.com","common_platform_enumeration":"","icon":"Clicky.png","categories":["Analytics"]}],"data":{"size":51848,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1219), with CRLF, LF line terminators","md5":"d43f1fde3a57a1e52caa2591b1a9091f","sha1":"ac1aa600d240feb03a85dc9e3c24f363c4410fb1","sha256":"6ce770ec0aaf309649f33450f3a876fb0dae297101e6df1e9a73e78c890ea3eb","sha512":"b42e569adb9e25ace23ad8a36d71b528788e864919bf1078499bfa803e369ef18a2a10340f005c6be04d9e1b2223375ccddddab900937684bd6f641591b89cca","ssdeep":"1536:QIh7+3P/7GoD90SWm1WVVyWObfERylYTTR9:XhSPQvRylYTT/","tlshash":"fa33e91226a220352073527eb7e6974af621c00bd205c95ebeec83584fb97945ef7b9c","first_seen":"2026-03-28T23:20:43.952424Z","last_seen":"2026-03-28T23:25:48.143939Z","times_seen":2,"resource_available":false,"data":null}},"time_used":593,"timings":{"blocked":228,"dns":1,"connect":104,"send":0,"wait":137,"receive":0,"ssl":120},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kra20at.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"kra20at.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"scripts.stay22.com/letmeallez.js","fqdn":"scripts.stay22.com","domain":"stay22.com","tld":"com"},"ip":{"addr":"104.18.11.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stay22.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 02:40:42 GMT","end":"Wed, 27 May 2026 02:40:41 GMT"},"fingerprint":{"sha1":"16:D2:A9:1E:39:72:37:32:C5:29:0F:03:F3:EB:17:A3:85:47:17:50","sha256":"05:BC:8C:0C:03:CA:C9:23:96:BD:EE:5F:D4:26:79:C7:2B:92:B2:1B:9B:FB:31:9C:E7:7C:37:5B:7E:35:21:8F"}}},"request":{"raw":"GET /letmeallez.js HTTP/1.1\r\nHost: scripts.stay22.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=3600\r\nlast-modified: Thu, 26 Mar 2026 13:31:44 GMT\r\netag: W/\"45f99-19d2a580200\"\r\nx-envoy-upstream-service-time: 7\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nage: 29996\r\nexpires: Sun, 29 Mar 2026 00:25:26 GMT\r\ncf-cache-status: HIT\r\nset-cookie: __cf_bm=Cd3vdymFY_2kW4bX2opwgR4Ox.mE7NeNANmxODFCa0w-1774740326.3521483-1.0.1.1-ExRgOJLGVB_wJE4l6kANBBJ0FfZmbQkoBNKEYA3umN3C0ldFP2yur_g4oUg7GgdXzBsfsKHcWynYLKS4AH7Ev5QsP2ERiTsVAoV5WmZJAgIV.XL1pmK_X4yD_nRF6lHo; HttpOnly; Secure; Path=/; Domain=stay22.com; Expires=Sat, 28 Mar 2026 23:55:26 GMT\n_cfuvid=Hlukrxyfuia.Kghw5k13CMp.02Q7G98dRNPbnO8.8Aw-1774740326.3521483-1.0.1.1-R8cMIzUca_jnNyQsmBO1LlH4C0u3rVgh8nTrF3z30VU; HttpOnly; SameSite=None; Secure; Path=/; Domain=stay22.com\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\ncf-ray: 9e3a64dfb9b91525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":286617,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65507)","md5":"233d29ad5304c323697764b1a4512026","sha1":"48fd3398be515dd64b3bc69d891a4dd2769f6a30","sha256":"3aa343db4d12a7a3e070900b3dc231aaf8fd225b6ecfe0490fc7beca1ae16381","sha512":"e0c0e62d149297506ea94b83509c88af01cf2f075ebdc01e69ccafd64cc4c867025f730f5389732f31f54376f49ee3d376fb23be21c0c172c934214957abae9b","ssdeep":"6144:dpzk9OnCVmVIxQv+dwpze5pV9RcqpX33rCMTVbKVOX5LyRWFlPO4+Ppc9Y+vJrwz:dpzk9IaZQv+r3Jho","tlshash":"01544bdc72d6b86243ab606810bf5007f17a7895284ea014f665d8ee3eb4b4590fbf7c","first_seen":"2026-03-26T17:11:57.852941Z","last_seen":"2026-03-29T03:29:31.483179Z","times_seen":47,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":34,"dns":22,"connect":1,"send":0,"wait":8,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"matomo.ieplsg.com/matomo.js","fqdn":"matomo.ieplsg.com","domain":"ieplsg.com","tld":"com"},"ip":{"addr":"104.21.55.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ieplsg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 31 Jan 2026 17:59:47 GMT","end":"Fri, 01 May 2026 18:57:05 GMT"},"fingerprint":{"sha1":"92:1F:00:EC:B6:66:3A:1F:21:0F:62:B2:20:6D:80:22:53:F3:DB:89","sha256":"08:84:D9:6A:ED:8E:76:13:E7:08:42:F1:DE:1E:42:0D:A2:AB:D8:CE:31:1C:5F:25:1A:B0:01:24:48:8F:49:93"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: matomo.ieplsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 21925\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 25 Sep 2024 19:00:05 GMT\r\netag: \"10784-622f63adb1740-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 1154\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P%2Fx5UQabICbGV2fem%2B0OEBCfjWOnYlV6YbeEYGcGeBIr%2BlSnvjjHPY2xAJTXWNoJ72%2BPpagMwQLZcfoOuiBsDw74qajXon2c5oc63oMadCGN0MpkRDYijwSIpaoIMcIdgfNKkQ%3D%3D\"}]}\r\ncf-ray: 9e3a64dfe86e0b4d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67460,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (2854)","md5":"97b41888a87c22615114d73c91cc70a3","sha1":"a9e02fdb328a29bd8753e7000d0afe6ef635aad1","sha256":"f2e8975ed834c578c50d3923ceb26de04d4fa44f74380f45f147585d909a874d","sha512":"0023e6fd1e095cb37ffd94393f583f9a1ad1fe18a03b72bd035d431401038b48cc9689e2bbf4b0bbee5b6082e77db6e2bdd55b4d5ffb1c45f86e0f330789c10f","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEy+XzsyWbuds06Vdda8EbdAAOV4ITzvBCQaFLa:AT+Z2fuULzsyWbbVdda8EbdAA0XvBv5","tlshash":"0263d5ca72c275398bca6074603f1187b17aada7144cc4a4f56ac4fa3c3891e957bf78","first_seen":"2024-05-09T17:51:40Z","last_seen":"2026-06-07T15:26:35.730042Z","times_seen":5086,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":60,"dns":35,"connect":1,"send":0,"wait":10,"receive":1,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stableaspect.com/dfmgF_z.diGjNkvlZ-GnUo/pcqn_NsytYuzv1-2xYyXzNA0_aCWD0EmFc-2HlIkJPKS_ZM6NbO2P5-lRaSWTQU9_NWjXcYwZO-DbgczdMeQ_","fqdn":"stableaspect.com","domain":"stableaspect.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"stableaspect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 27 Jan 2026 18:04:20 GMT","end":"Mon, 27 Apr 2026 18:04:19 GMT"},"fingerprint":{"sha1":"C6:EF:EC:2D:62:50:92:74:49:42:92:BC:A5:7A:B4:5C:63:D9:84:6F","sha256":"1C:11:FF:0D:6D:4B:0F:A6:05:0B:E1:6B:FD:5E:D5:0D:F7:57:29:EC:FE:5A:70:FB:71:E3:20:5C:AF:BB:C9:89"}}},"request":{"raw":"GET /dfmgF_z.diGjNkvlZ-GnUo/pcqn_NsytYuzv1-2xYyXzNA0_aCWD0EmFc-2HlIkJPKS_ZM6NbO2P5-lRaSWTQU9_NWjXcYwZO-DbgczdMeQ_ HTTP/1.1\r\nHost: stableaspect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra20at.cc/\r\nOrigin: https://kra20at.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-type: text/xml\r\nvary: Accept-Encoding\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://kra20at.cc\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68,"size_decoded":0,"mime_type":"text/xml","magic":"ASCII text, with no line terminators","md5":"e75e81cc4ef4e4513e1c1c5a912f4256","sha1":"c66b6d05e57cf1bcff3eb3a3d0db8e1ae0c7cf20","sha256":"f3307fffa03a34bc19f8f7dc99ede770e098497b27e98aecd383d284abae50b3","sha512":"514ee3d753ea4170c4ef9fa78f9bbe30961017ba9adc3a1f40ac5c1b4c558abd82ccb0b22737a08eab910cd785cfcbc9c0ca0cae0bb35461fae59e2e1c47ab60","ssdeep":"","tlshash":"6aa022ccc202c0208288ef0030f0000233a0a28a82c28cccf0e208aa30000c032002cc","first_seen":"2023-05-12T08:34:43Z","last_seen":"2026-06-07T02:23:12.311011Z","times_seen":810,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"stableaspect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sdk4push.com/f/sdk.js?z=2191812","fqdn":"sdk4push.com","domain":"sdk4push.com","tld":"com"},"ip":{"addr":"157.90.33.122","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sdk4push.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Feb 2026 03:38:19 GMT","end":"Fri, 22 May 2026 03:38:18 GMT"},"fingerprint":{"sha1":"C5:94:FD:0A:4A:7A:2E:36:52:7A:B4:08:7A:04:B6:2C:93:AB:D2:55","sha256":"6C:8B:57:93:74:D0:0D:DB:6B:BF:77:7E:F5:AD:87:71:AC:71:7C:9D:3E:C0:BE:D2:C0:E7:05:25:BE:AA:F9:9F"}}},"request":{"raw":"GET /f/sdk.js?z=2191812 HTTP/1.1\r\nHost: sdk4push.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Angie\r\ndate: Sat, 28 Mar 2026 23:25:26 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 15242\r\ncontent-encoding: gzip\r\ncache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}],"data":{"size":54787,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (54745), with no line terminators","md5":"4018ad296da1caed34597f1e0ba53d28","sha1":"f4eb27979f1d7c9ee092f270d739466e8da537f9","sha256":"10de896ad40948b2a23b11a5eaf48ef59583762ee9ed8bb8ba40a308ce12dc93","sha512":"5799c4411f4f36aeee2ea0d3c4065672eb2709071b9338ca84607435c52482490f8d03fffbb6029e21e6f247be124eafadff6970644718c996cc7d75f29a6807","ssdeep":"1536:/7LMSZcnLitlCr8WoeisV69SDG3nY+kH+s9K:/7L1Y2NViB9K","tlshash":"b833818877c6713412a7a4ac056f50d6eb2b3c34944e890adc53f3a2297576eef23d74","first_seen":"2025-04-03T01:19:28.743234Z","last_seen":"2026-06-07T15:26:35.748854Z","times_seen":620,"resource_available":true,"data":null}},"time_used":310,"timings":{"blocked":134,"dns":33,"connect":33,"send":0,"wait":36,"receive":1,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lumbering-main.com/c_DF9m6.bd2F5KlKS/WRQC9iNVjMc/wmOTDugoyXN_y/0/2/N/zVAG4/OHDQIz4G/?sId=kra20at.cc","fqdn":"lumbering-main.com","domain":"lumbering-main.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra20at.cc/","date":"2026-03-28T23:25:26.323Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /c_DF9m6.bd2F5KlKS/WRQC9iNVjMc/wmOTDugoyXN_y/0/2/N/zVAG4/OHDQIz4G/?sId=kra20at.cc HTTP/1.1\r\nHost: lumbering-main.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kra20at.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T02:34:21.078592Z","times_seen":16227496,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}