{"report_id":"7c592b62-5dc5-45ac-881e-0602b1e4b63e","version":6,"status":"done","tags":[],"date":"2025-11-15T11:36:59Z","url":{"schema":"http","addr":"kkra44-cc.ru","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":0,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"final":{"url":{"schema":"https","addr":"kkra44-cc.ru/","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"title":"Kra44 CC - место киберспорта и игровых состояний","dom":{"size":8223,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"e7f461b0bf1dad763929d48d363e3643","sha1":"87dda078b69b970c6fe924f3f106265da9fb7403","sha256":"2fc7940358a1527b6ea72d65955c0667c01613008b2d1f1a2e90c22328d9e8c9","sha512":"f831b1f960204791130ed6c1309432568409f8c58e2da0d65c30d2caab4dbddc88358931193437895b3b18c306400af9c2abc071526a262bbda679af0c89ca91","ssdeep":"192:polOPLg9du36bDnXOYl4wtEiEdDFfOYBrEFcHENBiRMiz:pmOPLjq/eYiTGYuFcHE3iRMiz","tlshash":"5402852269f914671681a056f961be0d7ca5843f7a0a670074ec0d9e3ff2f84c967a1d","dom_hash":"domhash22982b45c36b67e98f21b78081a52ebf","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"kkra44-cc.ru","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":0,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-20T11:36:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"kkra44-cc.ru","ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2025-11-13","domain_rank":0,"first_seen":"2025-11-15T11:36:59.272036Z","last_seen":"2025-11-15T11:36:59.272036Z","alert_count":21,"request_count":11,"received_data":149012,"sent_data":4796,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-09T22:13:15.598397Z","alert_count":0,"request_count":3,"received_data":48697,"sent_data":1698,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-09T22:13:15.523411Z","alert_count":0,"request_count":1,"received_data":6432,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kkra44-cc.ru/","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"introduction_type":"eventHandler","is_inline":false,"md5":"e56ddbb05a974a6bc5ea44661e509a21","sha1":"448d4cb69f9441e10731b1ff4aa9dc81502589bd","sha256":"1759e8c6c2ce9c987245281cd33bb9260ce82e31b604131a5da486db89369913","sha512":"a3b2b0accbc0f18d13fc0eb6d742a5bf00a9614399e05b97b96ed0963e7d29b5868f73ef541c5f5bf8d125e7f7040d03f39cc853a52ffa2f1e2ebb7a20165242","ssdeep":"","tlshash":"7b700008080000800a002c00e000020080c2000802202008c020a8a0082c088808f800","size":21,"data":"","first_seen":"2023-04-10T22:51:51Z","last_seen":"2026-04-03T17:54:19.44395Z","times_seen":39520,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"ab0856df80010b17911bf77ac5b6da66","sha1":"8e27253b905dc23bab2a8483c4953b4d360a03fa","sha256":"fd1236d421cc88e73c9365b8f19ff5270c8e09cb5d849879dac28da8cae94eb2","sha512":"91938f834f66c60386f3b3f2a8c4849b9c74e2559f6ee4e53e41d4f05f0e09637f23e55043af5a05c69fde7df3a0c2be587753e5754bd7d8523bc364c9d7b6a3","ssdeep":"","tlshash":"99f020b63c894434c3b712652bb3914a3439252f380ead11f94c18a23f98ca108ab91c","size":572,"data":"","first_seen":"2025-11-15T11:37:04.30458Z","last_seen":"2025-11-15T11:37:04.30458Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"88a4ad743e7414b94885a65c8ff040e1","sha1":"43eb4a6f57aad7d90f6f37e7ce3b3323620c6c0d","sha256":"981e63e4efd55ea334703c756d37e8f6090b14c11d4e486c1d29bc43513b64b4","sha512":"f3d14804d63ab29d9bc83bc4d4761890ff4e0f5ddef344a7f1603eb38e3587819ec48273cb5b815be07d9676d94611e1425bb419fa8d781bf82e2e71e4fe3198","ssdeep":"","tlshash":"5e31363a7970112105f64057b5fb2d087475480f7a41e3847edc4a49493bfdda1b6f4e","size":1613,"data":"","first_seen":"2025-11-13T22:31:07.88296Z","last_seen":"2025-11-24T10:35:12.358561Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/script.js?v=1763206596169","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a2e5f01eed330cfad72e22d171ec1749","sha1":"9c81921fe97e02ec40c23b5f507af69689a565bb","sha256":"77c7d269caf37befd70862d3923d53482bbf7df66a23625e3db02db70ae4da55","sha512":"25c33a9e8c8bc447aa734bc2498b8708ec54d1fc4bcfaca155e1c890a023a87078df90fe749c3a8cc56516a67491251babadfcf7d3921058bcb691a75a87c2d7","ssdeep":"","tlshash":"1a11ba7216615efa20a2716b9d48a68cf4fb00ff3c8f122139285ca82d701b44368e99","size":906,"data":"","first_seen":"2025-11-15T11:31:08.952653Z","last_seen":"2025-11-15T11:43:02.310161Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"kkra44-cc.ru/icons/bell.svg","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /icons/bell.svg HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 2007\r\nLast-Modified: Fri, 14 Nov 2025 07:07:10 GMT\r\nConnection: keep-alive\r\nETag: \"6916d51e-7d7\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2007,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"82f8ae5b95d9804d75e342908cbb80b9","sha1":"613a041672a98c0be5c5ef8ad6fca3f9be4fc069","sha256":"16981528917d428ad33dda9d3eb796177afdd0b6667379081c5518927a1a9a03","sha512":"6c060b0efc5aaa5013ea23358b8da1bf41f4506d80b7bc35bfc3f71d89713c71c7a9be75a5845199058ec5c9adcdba36063184245f1860fd890269205d052f49","ssdeep":"","tlshash":"2a4111f5d6c9f1e0a446abd99f2a919a339e30ff3b91dac602449ac0e012038988cc14","first_seen":"2025-11-07T18:36:06.45735Z","last_seen":"2026-02-03T08:21:52.157049Z","times_seen":293,"resource_available":false,"data":null}},"time_used":364,"timings":{"blocked":164,"dns":1,"connect":8,"send":0,"wait":10,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmQiArmlw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"4A:97:40:A8:11:17:BA:08:56:28:6E:0B:93:8B:64:13:1D:67:D4:2A","sha256":"A2:0A:13:FD:98:22:74:26:3F:C1:44:5C:92:27:22:17:A8:65:07:40:50:F9:14:02:11:E4:87:7F:C5:D2:F1:42"}}},"request":{"raw":"GET /s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmQiArmlw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kkra44-cc.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 11840\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 10 Nov 2025 23:40:01 GMT\r\nexpires: Tue, 10 Nov 2026 23:40:01 GMT\r\ncache-control: public, max-age=31536000\r\nage: 388595\r\nlast-modified: Mon, 08 Sep 2025 18:08:11 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11840,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11840, version 1.0","md5":"a0f8baa16418514a286278c0a773d3a6","sha1":"e3029db449750770ccb50c74364a7ef61e8ddb36","sha256":"fe56d0d137acb0f9b17754d3670f5ecaee2185548dd9a8c44535a5f194117ddc","sha512":"c66f50263acfe1ca68e2f3999f76a9c73fc09fcb54ebec4949bca670d63bdcd68e9c9ae8b83ad69da84c9cf8627b6b84e2777b9112cafd7c62fcf8f9e799c39a","ssdeep":"192:hxLRc1v0nOzVBEm+alnYKZEiy2FqJ+/TUabyEF731idesuGqJwx8VyFH:hxLu0eVBEbayKXq0byEF7Fide0qFVyFH","tlshash":"8c32bf0e77904994e073f26712612571e9f9e3dd1bc66f80b1409d4ca88ee466bccc35","first_seen":"2025-01-14T08:51:39.832648Z","last_seen":"2026-04-02T04:03:41.620543Z","times_seen":1851,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":154,"dns":1,"connect":28,"send":0,"wait":14,"receive":3,"ssl":128},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmaiArmlw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"4A:97:40:A8:11:17:BA:08:56:28:6E:0B:93:8B:64:13:1D:67:D4:2A","sha256":"A2:0A:13:FD:98:22:74:26:3F:C1:44:5C:92:27:22:17:A8:65:07:40:50:F9:14:02:11:E4:87:7F:C5:D2:F1:42"}}},"request":{"raw":"GET /s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmaiArmlw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kkra44-cc.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 13740\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 10 Nov 2025 23:38:37 GMT\r\nexpires: Tue, 10 Nov 2026 23:38:37 GMT\r\ncache-control: public, max-age=31536000\r\nage: 388679\r\nlast-modified: Mon, 08 Sep 2025 18:07:10 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13740,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 13740, version 1.0","md5":"0ed27c0cc21140f52d29c938c6738a5b","sha1":"e4fc295db7f45d31f6df3ccfec943efbfa477547","sha256":"fdd953c288159a1f149911720d8a19fad17dc80f1a0609948cfa1458c368899d","sha512":"19c298eede11ec174fba54ca4f1ded4514ee66a260ed3392de28a457e31653324ffc8abdb1637ba624c29de80c4712ee4441d8b4edacbe37474a4f5df7be8ef9","ssdeep":"384:WsTCRAb6hZLoPpXarDsJ9IEMxnymmSRg0z:BR6hB+9JuthVz","tlshash":"bd52d08922467bbfe3cf6ce5f6464c9f83d3121052e718f19ac184d4fbb6166c941d12","first_seen":"2025-01-14T01:42:40.251339Z","last_seen":"2026-04-03T13:37:05.367287Z","times_seen":3246,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":128,"dns":0,"connect":29,"send":0,"wait":14,"receive":3,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/style.css","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: text/css\r\nContent-Length: 6165\r\nLast-Modified: Fri, 14 Nov 2025 07:07:09 GMT\r\nConnection: keep-alive\r\nETag: \"6916d51d-1815\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6165,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"1a9c8e1472d32a21842192a38e8b1d54","sha1":"01ffc88f3e03f94fef600552f7ee82f7768a1dc9","sha256":"1303331589ea25aa8c0455b2b4d22f013ae35b6dc5b96346cd6108f9c8c32f8a","sha512":"d70994ce7b1592237d35345116f69437b3bd398da7517f1224d0c62b48cfaa07a0244d887b7d576993691dbe1b2ba792e59e9b6df0ec01b82cec57a138e6ccf5","ssdeep":"96:dFKdzNh+2FXZwfOH3fgtV3oQwqw8DUeXliTiqt4RPWlKhXSr5qx44:dctboWH34u7+PWBr5q3","tlshash":"16d1ed99ea0811017232dfb4bf228b66bb958062870606febff05058b6c97795671fdc","first_seen":"2025-11-13T22:31:07.863045Z","last_seen":"2025-11-24T10:35:12.353864Z","times_seen":14,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/icons/mail.svg","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /icons/mail.svg HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 809\r\nLast-Modified: Fri, 14 Nov 2025 07:07:10 GMT\r\nConnection: keep-alive\r\nETag: \"6916d51e-329\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":809,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"cd832466ea589ad994e3ae72763ae896","sha1":"b107bd3afce1c7d5f07d35a421c49977dfc147c8","sha256":"b86009a5afd5d7aa26ae67c56006094d56fdd08206dbaa19f69fef614b5abf7c","sha512":"531f89f01b1e9aecb3523a986475a495ac9adf6bd8380727363300cb7ef2a9d6a7448d281a9172afa246dbc552a8593a40525b22497f3a1276d5f6aa00e39d8f","ssdeep":"","tlshash":"b901aff1e7b5b584d30a57b18df0b55f320b29a91d7389c89452ad9cd264dad0714c14","first_seen":"2025-11-07T18:36:06.462669Z","last_seen":"2026-02-03T08:21:52.154426Z","times_seen":293,"resource_available":false,"data":null}},"time_used":364,"timings":{"blocked":166,"dns":0,"connect":8,"send":0,"wait":9,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/icons/icon.svg","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /icons/icon.svg HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 1682\r\nLast-Modified: Fri, 14 Nov 2025 07:07:10 GMT\r\nConnection: keep-alive\r\nETag: \"6916d51e-692\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1682,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8155b5a1de4d4c47da7bba99b03120e3","sha1":"6dfa7536ce273c5b4ce580e7ddf560d0cf8e5e58","sha256":"2ff692ff73df7225162203982e4ba8f86dde13fcdabbfe6a2bb9f24b253d108e","sha512":"e41f72b8d6ed4f4f6d626f257f64e94ab706115c796bb58464f6515c1d73e54eb3bd613adb02f9a01123138e83d03e0dd7720e38fb9e729289d9da47a2564eb2","ssdeep":"","tlshash":"963166f2c5eae5e049057ff4d83780adbd672cfe7f88ca99c1846c54914847ce44d848","first_seen":"2025-11-07T18:36:06.461905Z","last_seen":"2026-02-03T08:21:52.15307Z","times_seen":293,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":173,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/script.js?v=1763206596169","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /script.js?v=1763206596169 HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 906\r\nLast-Modified: Sat, 15 Nov 2025 07:20:21 GMT\r\nConnection: keep-alive\r\nETag: \"691829b5-38a\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":906,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"a2e5f01eed330cfad72e22d171ec1749","sha1":"9c81921fe97e02ec40c23b5f507af69689a565bb","sha256":"77c7d269caf37befd70862d3923d53482bbf7df66a23625e3db02db70ae4da55","sha512":"25c33a9e8c8bc447aa734bc2498b8708ec54d1fc4bcfaca155e1c890a023a87078df90fe749c3a8cc56516a67491251babadfcf7d3921058bcb691a75a87c2d7","ssdeep":"","tlshash":"1a11ba7216615efa20a2716b9d48a68cf4fb00ff3c8f122139285ca82d701b44368e99","first_seen":"2025-11-15T11:31:08.952653Z","last_seen":"2025-11-15T11:43:02.310161Z","times_seen":4,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/favicon.ico","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.574Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 101392\r\nLast-Modified: Fri, 14 Nov 2025 07:07:08 GMT\r\nConnection: keep-alive\r\nETag: \"6916d51c-18c10\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101392,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel","md5":"43c85273b4ffd1311892b0b527407e30","sha1":"e34da69cef0622072b99bf9f865bbbb3d4bac300","sha256":"e96845bcd9e448763b3e667e7186cb25270f664a680c479cf33074dcf2aed3dd","sha512":"f282496529c943611f6dbe100c3d73764175e20ec43ad3244c53b16e6db6d5c5782bcb0baa2dd7659cfc589e2d2e609a69ebeb9c3aedc63d4ea82894b2b08b82","ssdeep":"192:1NIrfSnBw6OnFlEkEkEkEdHHHTHHHPUkU93jX9Rhkuncw+0xXz4Rv:18SnBw/YHHHTHHHE3jX97xcw+014d","tlshash":"aca35350b2d6f61ad1d876344c93ce792331ac958c175b2b32ce7f9b39f42a629093e4","first_seen":"2024-10-16T16:01:12.238269Z","last_seen":"2026-03-30T15:52:23.276858Z","times_seen":401,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-15T11:36:35.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:35 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8320,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"1937d81f2f5fd764aaf2fc5e8889b080","sha1":"13423b8fa4174cc73c1468c040bdf778f6be9bcd","sha256":"ce86613e6535443ffa91ded08148cea4e98c500e75c64d07e8f5b244f46dabd8","sha512":"dd638c4da74003ffacaef7fb017921fd5d9c06d410809809fc448aa9d9f36045b4b755dc8ba591b51d5a92c8fb59786b49209065145b3fc96a7cd2f333a73108","ssdeep":"192:Col5jCq79dO5oDq4ObJK9toiY0KDRf//0RZAy9yMFE1KiOriT:Cm5jCplXbdH/XMRGy9yMFEEiOriT","tlshash":"c102713228ca18670671a162fa21be4cfd65847faa06570034fc1d9b3ff2f44c9a7a5c","first_seen":"2025-11-15T11:37:04.299699Z","last_seen":"2025-11-15T11:37:04.299699Z","times_seen":1,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":33,"dns":0,"connect":8,"send":0,"wait":9,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/icons/telegram.svg","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /icons/telegram.svg HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-03T18:31:29.894522Z","times_seen":476818,"resource_available":true,"data":null}},"time_used":354,"timings":{"blocked":160,"dns":0,"connect":12,"send":0,"wait":10,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"4A:97:40:A8:11:17:BA:08:56:28:6E:0B:93:8B:64:13:1D:67:D4:2A","sha256":"A2:0A:13:FD:98:22:74:26:3F:C1:44:5C:92:27:22:17:A8:65:07:40:50:F9:14:02:11:E4:87:7F:C5:D2:F1:42"}}},"request":{"raw":"GET /s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kkra44-cc.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 20612\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 10 Nov 2025 23:19:02 GMT\r\nexpires: Tue, 10 Nov 2026 23:19:02 GMT\r\ncache-control: public, max-age=31536000\r\nage: 389854\r\nlast-modified: Mon, 08 Sep 2025 18:08:15 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20612,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20612, version 1.0","md5":"b07da7aa3e4f363c5cdbc11312239e8c","sha1":"47bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8","sha256":"e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa","sha512":"420729406b315d8af34b62b78f39e763f5cf33cbf94467457b393fde0573dd7ffc6a23f25680988f9b82a4a3b719876ff76f3e1db047ce82615f544fc3a82532","ssdeep":"384:k5Eu+yl5Y9RpwjjmD/8Qu+POP9w+oB7rezldH9W4EMs8qCr9WvS80M8T4PTEXPFw:YEu+/Jw3FF+WP9DC/ez79jcCrb8BK4Eq","tlshash":"8192df6bce71497ac711262c773917addb8b44f627f91f2ba0562411c7b8e015c2cc7a","first_seen":"2025-01-09T06:25:34.419113Z","last_seen":"2026-04-03T17:49:35.94302Z","times_seen":45602,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":82,"dns":0,"connect":13,"send":0,"wait":15,"receive":6,"ssl":66},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"86:F4:DF:07:D6:8D:EF:68:44:7A:73:C8:39:14:1A:2F:98:5E:A2:40","sha256":"A0:B7:4F:94:25:40:33:52:BC:F7:0A:E1:AD:30:BD:19:C3:E9:BB:25:0B:05:26:7C:F8:BB:F0:59:3B:E7:F2:8D"}}},"request":{"raw":"GET /css2?family=Roboto\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 15 Nov 2025 11:36:36 GMT\r\ndate: Sat, 15 Nov 2025 11:36:36 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5746,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"017672004526d49c616a83a1885ca6cb","sha1":"317c4a759af5149d1777a5c195c2030c842d4b70","sha256":"6ad67efe8c01a7f843a39344a43ca877e30726dd0cae6db3ce719a22a63bbc70","sha512":"f1dbb144b98e0a05fcaefd0367bb48be095ce28add6c7e8e8ac4d6b4b31dd76e2a7edaa4587bb78841aac8d679c53ba06e7a98775e9c6eaeee11c18c4f251ed7","ssdeep":"96:1OEbaNllOEbaNsFZKOEbaNWOEbaNVTOEbaNVy+aZjzBrgOEbaNIubqGIFuV4yOE6:2NlmNMNVNVkNVqbNfbqGIwV4BNdNzwNY","tlshash":"9bc1fd91041704409b835cd227ce7f34fe1f92116544d0b9abfc9b6beddbda6426836e","first_seen":"2025-09-08T23:56:02.073922Z","last_seen":"2026-03-05T16:22:21.514891Z","times_seen":5277,"resource_available":false,"data":null}},"time_used":323,"timings":{"blocked":133,"dns":1,"connect":29,"send":0,"wait":45,"receive":0,"ssl":104},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/icons/logo.svg","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /icons/logo.svg HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 2054\r\nLast-Modified: Fri, 14 Nov 2025 07:07:10 GMT\r\nConnection: keep-alive\r\nETag: \"6916d51e-806\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2054,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"32af2241a3864f4e7369bfb2b2fcfda4","sha1":"1a4aed10196429235c0d0967a31534d8ea90b812","sha256":"b028caf4a97470b1369995fc4e28d618cf3fb4be1699cf5e25abf6674cb2a51e","sha512":"49cbd3f9d1028ba4bc94e541240936b6321ce29d159f472525bdf0eccf0023ba012f3f8f92a5348e0eca2a409e2ac1d38b3de2beaac111c0b11e0b306758cdde","ssdeep":"","tlshash":"094120d94984f534b9818ffe5a29b025f237fce4f202c1e449c3250769810ad2aaddaf","first_seen":"2025-11-07T18:36:06.461068Z","last_seen":"2026-02-03T08:21:52.150038Z","times_seen":293,"resource_available":false,"data":null}},"time_used":369,"timings":{"blocked":174,"dns":1,"connect":12,"send":0,"wait":10,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/images/1.png","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /images/1.png HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 11717\r\nLast-Modified: Fri, 14 Nov 2025 07:07:11 GMT\r\nConnection: keep-alive\r\nETag: \"6916d51f-2dc5\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11717,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"Blender:File:C:\\Projects\\captcha\\captcha-3.blend\", comment: \"Blender:Date:2023/02/15 01:37:05\", comment: \"Blender:Time:00:00:00:00\", comment: \"Blender:Frame:000\", comment: \"Blender:Camera:Camera\", comment: \"Blender:Scene:Scene\", comment: \"Blender:RenderTime:00:00.07\", baseline, precision 8, 380x120, components 3","md5":"5f8b4f2b6dbf5798dc35b7a6c31f822a","sha1":"d38fc55a37e56a6cdc3157f434191d43e2c66add","sha256":"d5c9542789cd43113a9efd469f7d474f4f54bf7006de7e32dab33ed563024d17","sha512":"16835a0525fecbab43d5c2f09e8439eae536c0fc6a18834a12d2c8066208f1c5601b0f55239d10400a56fe62ec84b4d4aa8348cd4d0b9baaf52d0699529e639e","ssdeep":"192:/syaxJ9eGVjOjUPY9tsTovGSbsiTazLPvVZrnoDl38XLBxtAQg2W:kyifeGsUAfswGmsiTsrDrnoB8XHY","tlshash":"a932c011d3e3eb2794bfc975c5cc4542c37e2c41b05811af27e95a0eb0c6baa768de0a","first_seen":"2025-06-27T14:25:42.763406Z","last_seen":"2025-11-27T16:08:04.683101Z","times_seen":33,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":162,"dns":1,"connect":11,"send":0,"wait":10,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkra44-cc.ru/images/4.png","fqdn":"kkra44-cc.ru","domain":"kkra44-cc.ru","tld":"ru"},"ip":{"addr":"193.105.134.74","port":443,"asn":42237,"as":"w1n ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkra44-cc.ru/","date":"2025-11-15T11:36:36.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkra44-cc.ru","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 16:46:35 GMT","end":"Wed, 11 Feb 2026 16:46:34 GMT"},"fingerprint":{"sha1":"B2:DB:4E:AF:76:CA:BB:00:9E:69:9C:83:3D:72:18:96:C3:3D:9C:56","sha256":"90:98:B1:18:C2:DE:FD:A6:A7:69:F6:41:1C:4B:51:E2:75:DA:6C:1C:64:CC:25:28:8D:19:DF:39:3B:A2:B4:F9"}}},"request":{"raw":"GET /images/4.png HTTP/1.1\r\nHost: kkra44-cc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkra44-cc.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 15 Nov 2025 11:36:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 11322\r\nLast-Modified: Fri, 14 Nov 2025 07:07:11 GMT\r\nConnection: keep-alive\r\nETag: \"6916d51f-2c3a\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11322,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"Blender:File:C:\\Projects\\captcha\\captcha-3.blend\", comment: \"Blender:Date:2023/02/14 21:38:41\", comment: \"Blender:Time:00:00:00:00\", comment: \"Blender:Frame:000\", comment: \"Blender:Camera:Camera\", comment: \"Blender:Scene:Scene\", comment: \"Blender:RenderTime:00:00.07\", baseline, precision 8, 380x120, components 3","md5":"dd121f795cad682fdee094afd5b87d78","sha1":"3a9de6f2ca454bbcd8f46d24b132a2ba36d01815","sha256":"0df9d1a8018eea2c80ebbdfd8c5de62f4ac368578a2dec1091571154b5b15acb","sha512":"a1d369c16a218f6644e94afd3b612f2ca836732dc1b2cd4f07c4609480278d548916a4a68720cf9d812ccb04440641f5047217e7ef5230496349cafc0e4974c0","ssdeep":"192:GssyWkZ+yBLO7bAYb2noWaEXSDid2Br73HvAwJHeTQya+OTrLwGhhSom:UyWkZz0pbRiXAs2Bn3HwTE+4rLhhSom","tlshash":"32329e07c31b7760b633b4bbfe18d09deb486985f6796c146e4ac3ca8d800e8b5eb551","first_seen":"2025-11-10T01:53:44.600005Z","last_seen":"2025-11-21T21:42:55.358293Z","times_seen":7,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"kkra44-cc.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}