{"report_id":"5dd5bc5a-36a0-4f1d-b843-c44b5c9abf5c","version":6,"status":"done","tags":[],"date":"2026-03-18T15:41:07Z","url":{"schema":"https","addr":"kr2trfa.xyz/","fqdn":"kr2trfa.xyz","domain":"kr2trfa.xyz","tld":"xyz"},"ip":{"addr":"172.67.132.189","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kr2trfa.xyz/","fqdn":"kr2trfa.xyz","domain":"kr2trfa.xyz","tld":"xyz"},"title":"KRAKEN","dom":{"size":20235,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (15158)","md5":"ff3b2033a27b251848a546a0806518c7","sha1":"0e3eb4618a796f560f5c1ad28880d5d204d9b53b","sha256":"421e2127e70bb6c5678b7019c6ed8ac8e828aa44710a1241e133a9e80010aa55","sha512":"cc75380ecdbeec26352a37bc35d360baa9657981da34faf00eb4c2b2d46fa8b42f8c25745c86ff6ad682603bf90e07aeb9bf36bae9dd17dad07e3462b35b557f","ssdeep":"384:nQnVfIn/AJ7L+rVyKZslCm26xxsWYrDJHPOGz22USZFx:nQnVf8AJv+rXvm5l0Oo225Fx","tlshash":"c192ae15daa7109bac02e018bf8652932fe8847b444df6647f8cd5e92fc95e48a7378c","dom_hash":"domhashe192326cf64dd9fe5c9525758063724f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"kr2trfa.xyz/","fqdn":"kr2trfa.xyz","domain":"kr2trfa.xyz","tld":"xyz"},"ip":{"addr":"172.67.132.189","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-22T15:41:07Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"kr2trfa.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"kr2trfa.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"kr2trfa.xyz","ip":{"addr":"104.21.5.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-03-18T15:41:07.544051Z","last_seen":"2026-03-18T15:41:07.544051Z","alert_count":6,"request_count":3,"received_data":23108,"sent_data":1345,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kr2trfa.xyz/","fqdn":"kr2trfa.xyz","domain":"kr2trfa.xyz","tld":"xyz"},"ip":{"addr":"104.21.5.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"273a567817a222ea36919fed78ed00ab","sha1":"f06cf879535c926fcbfac6a0db31e6706f6ca8c9","sha256":"11704e45a48552b3c0b2401e267c18d07102c0519b68178b4a4560ef631fde1c","sha512":"95502cfd7842634e46346f85c7355dfddaeec1781591dfd4d3db8fd11dc63682f297e550ae952353dd5aa181d547b24165cbf023ddb4038a79d86c1be62c9681","ssdeep":"","tlshash":"2ee02076e352410399e1e0258d70658c603000db6c49f6bad0597451710defb747bdba","size":341,"data":"","first_seen":"2025-03-05T21:23:04.354995Z","last_seen":"2026-06-06T04:44:48.462876Z","times_seen":178,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"kr2trfa.xyz/favicon.ico","fqdn":"kr2trfa.xyz","domain":"kr2trfa.xyz","tld":"xyz"},"ip":{"addr":"104.21.5.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kr2trfa.xyz/","date":"2026-03-18T15:40:38.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kr2trfa.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 11:01:50 GMT","end":"Sat, 13 Jun 2026 11:01:49 GMT"},"fingerprint":{"sha1":"E9:9A:D4:70:92:75:23:00:BE:A2:7A:3B:49:45:02:2B:D8:47:21:BB","sha256":"B4:28:D6:69:EB:F7:ED:E6:1D:66:2F:C9:E6:DC:FC:B1:A8:2A:C6:22:08:53:70:EF:B3:46:5F:72:1F:D9:7B:72"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kr2trfa.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kr2trfa.xyz/\r\nCookie: scheck=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:40:38 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fM%2F1ruUfeyZiqY1SL11Z%2Fn7NWdayvbGCegV6%2FEz3hA4g8l%2B2OOtNSOS6W%2BDlzimJyUrzwc%2FRz02u5BI98gRzaH3%2BcEDQqQyf6PPH\"}]}\r\nlast-modified: Fri, 24 Oct 2025 14:51:09 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"68fb925d-256\"\r\ncf-ray: 9de5564429740d2b-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":598,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced","md5":"88dce50c34a848e75b6c7d916711e6b9","sha1":"0355f55c57c14900477cc886f3345b1e898fe28e","sha256":"4f0b7e5217318eedc1b42ca1ce5e128c649c97082912f1d800eec1325207ad96","sha512":"f6e0828ce51c9e2cb462b4884f01a5fb7083e4f26eeea1b596c5d04144b9226efb62347199546ce81e0473d97231cb1f6468ccc94e620cf83ffd9035fb63eed5","ssdeep":"","tlshash":"faf00ce3e838f489c98e2ca222911201da7585a723800819b6fac008ac20b885933f92","first_seen":"2023-05-10T12:46:36Z","last_seen":"2026-06-13T09:47:33.59287Z","times_seen":3651,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"kr2trfa.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"kr2trfa.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kr2trfa.xyz/","fqdn":"kr2trfa.xyz","domain":"kr2trfa.xyz","tld":"xyz"},"ip":{"addr":"104.21.5.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-18T15:40:37.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kr2trfa.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 11:01:50 GMT","end":"Sat, 13 Jun 2026 11:01:49 GMT"},"fingerprint":{"sha1":"E9:9A:D4:70:92:75:23:00:BE:A2:7A:3B:49:45:02:2B:D8:47:21:BB","sha256":"B4:28:D6:69:EB:F7:ED:E6:1D:66:2F:C9:E6:DC:FC:B1:A8:2A:C6:22:08:53:70:EF:B3:46:5F:72:1F:D9:7B:72"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kr2trfa.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 18 Mar 2026 15:40:38 GMT\r\ncontent-type: text/html;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: scheck=1;Path=/;HttpOnly;Secure\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J%2BeGatYcmyH1BaWNXl1nqL4uu%2Bgup1KmmSWXvcgRaQgQcmjvRgyh7m5kKBxaeR9yUQ7cJAiwr9lIgFFYgTcKG1pKjgwsreQ7Hef%2B\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9de5564139684651-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5494,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (514)","md5":"e74b3cfe87c986835f814a22e5a3be1a","sha1":"9c2a3cfc0a6e5f453d38a701b219db8b04043447","sha256":"11c6c69ec59bc90ce70b87995e174c2dd000112d94f074398f79faf8b7096158","sha512":"1439c8589e97c3f42cd64e299d95ab8889617a7572234ce025e1fd89fdd4ff93e88ea8f798f52621a3376af651702598aa2e03dc2a10e5185bff01ef445201a8","ssdeep":"96:BQnq63PMMIW5aTiUf6n7iQfZTdyu7qFsejy:BQnVfJa2USdpQuuFpjy","tlshash":"c0b16453d65b04563402e434af9a77062ed8803be507e4643fdc66ae6fc66f489a3b8c","first_seen":"2026-03-18T15:41:11.092224Z","last_seen":"2026-03-18T15:41:11.092224Z","times_seen":1,"resource_available":false,"data":null}},"time_used":421,"timings":{"blocked":134,"dns":95,"connect":8,"send":0,"wait":147,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"kr2trfa.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"kr2trfa.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kr2trfa.xyz/captcha","fqdn":"kr2trfa.xyz","domain":"kr2trfa.xyz","tld":"xyz"},"ip":{"addr":"104.21.5.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://kr2trfa.xyz/","date":"2026-03-18T15:40:38.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kr2trfa.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 11:01:50 GMT","end":"Sat, 13 Jun 2026 11:01:49 GMT"},"fingerprint":{"sha1":"E9:9A:D4:70:92:75:23:00:BE:A2:7A:3B:49:45:02:2B:D8:47:21:BB","sha256":"B4:28:D6:69:EB:F7:ED:E6:1D:66:2F:C9:E6:DC:FC:B1:A8:2A:C6:22:08:53:70:EF:B3:46:5F:72:1F:D9:7B:72"}}},"request":{"raw":"GET /captcha HTTP/1.1\r\nHost: kr2trfa.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kr2trfa.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: scheck=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 15:40:38 GMT\r\ncontent-type: text/plain\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K1lfQJx38GnjTf4upM831TCWytLLY85j4w97bxc4Q69HYQNZawfeUSpb49VRr6X3cDyhOpFqgCaitoNPYE2EyCUYQ9au2WO%2B1hEt\"}]}\r\npriority: u=4,i=?0\r\ncache-control: no-cache\r\nset-cookie: cookref=https%3A%2F%2Fkr2trfa.xyz%2F;Path=/;HttpOnly;Secure\nses=E9e2TZWH1KNSA7KX75;Path=/;HttpOnly;Secure\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9de5564379550d2b-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15080,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with very long lines (15080), with no line terminators","md5":"21dc7e4036ecbeab16314eaa107fbe3b","sha1":"67cce8bb7c05fdc7162ea7c239b604405e8840c4","sha256":"4adb48bba6b2bea1641f525eec4b2cacc842c02a52b5f7ff49261b75129f5d85","sha512":"8d29b51008b58ee18fb57c01cf107efa6e9b81df811c90a879e55e206466565c10d497d2ad075cd3f3612966c5fd0ef7cf06398603dddf2832bea03b2f7c1805","ssdeep":"384:Bn/AJ7L+rVyKZslCm26xxsWYrDJHPOGzS:tAJv+rXvm5l0OoS","tlshash":"6662bf28dde221afcd93924eba5380e36fae48b6048df7549958d4d138fc5c85e6d490","first_seen":"2025-12-20T07:06:54.859445Z","last_seen":"2026-03-18T15:41:11.094459Z","times_seen":3,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"kr2trfa.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"kr2trfa.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}